The Power of One. Security Awareness.
This is the number one concern among CISOs. It should be. It must be. Hands down. No question.
DLP: Your Last Line of Defense.
You've been compromised because you refused to spend the time/resources hiring the right person, hiring the right auditing firm, buying the right equipment, listening to your team, etc. Perhaps you did everything right and were still compromised. Either way, your DLP system might be the last control that either prevents or alerts you right away that something isn't right.
Missing: Compliance and Audit for the Midsize Enterprise
Because I don't have a compliance guy. Because it's too hard. Because it's too expensive. Because it's too disruptive. The solutions are rapidly evolving. I'm in the mix hearing from the different vendors how they plan on addressing these concerns. None of them are perfect, but they are getting better.
See the full report here (451 access required): Enterprise Security: A Peek Into the Psychographics of the CISO (Security Quarterly: February 21, 2012)