Security funding and support can’t rely on regulatory drivers. Its time CISOs, Risk Mgmt officers, and other groups demonstrate security ROI and communicate security strategy in terms that executive management understands.
Understand the ‘forces’ that result in a change to the effectiveness of the security framework.