This proposal is a sequel to the InfoSec World 2023 "Lessons Learned from a Policy Stack Transformation" session. It focuses on unexpected insights gleaned from from tackling resource constraints and balancing security objectives with usability during Washington State policy transformation.
The session highlights three points essential to driving cultural change by engaging with stakeholders when designing a policy stack.
1) Organizational structure impacts security requirement implementation.
2) Data governance maturity impacts risk management requirements.
3) Equity and usability considerations impact data protection requirements.
Learning Objectives: