changing systems requires new security
Are you moving your systems to the Cloud, or exposing your existing systems to those outside your existing security perimeter - such as your customers and vendors, and their systems? Perhaps putting API functionality in front of older systems to extend their usefulness?
CAN YOU Patch instantly?
When a new security patch is announced, can you apply these patches instantly to all your systems? Or does it take time while you test them?
Does your PIN testing show that sometimes your employees fall for Phishing Attacks?
Can you prevent employees from downloading information they don't normally access just before they resign?