constantly changing security landscape
data collection, storage, transmission, use, destruction
create a schedule for vendor reassessment
resource constrained teams may be unable to keep up
how would you respond to an attack? do you have a plan in place?
ensure every system, vendor, employee is compliant
make sure no bad actors can log into your system
security and risk education policy for employees