Internal awareness is one area where most organisations fail; helping their internal staff understand their obligations and the role they play in data management. How they see data, how they take devices out of companies, whether they see data on non-encrypted devices and things like that. So its a whole data awareness management issue.
Another area is the openness of companies network with their business partners. There is no use having very strong controls around how your internal staff and how your organisation manages data, when you have not assessed the way your business partners manage security.
So what most organisations do is to look at how their business partners manage data and annually assess their control framework. Organisations that approach it around these aspects tend to have a much greater control framework on managing data.
Sign up for CIO Asia eNewsletters.