Synovus has eight different high-level policies across all 37 banks with those pointing to more “fluid” standards. The standards surround issues like access control, acceptable use policy, asset classification, anti-virus. “One of the biggest hurdles we faced was to understand the business and the risks associated with the business,” says director of Information Security Steven Jones. He advises other institutions to pay heed to the power of cross-functional cross-functionality in the governance process. “You’ll be surprised how much they had in common concern they have about how much concern they all have about the same issues, like privacy and data security,” Jones says.”]
Source: https://www.cuinfosecurity.com/governance-case-study-synovus-a-715