This document discusses security as a service (SECaaS) and security governance. It defines SECaaS as outsourcing cybersecurity such as data protection, network security, and database security to the cloud. Benefits of SECaaS include access to latest security software and qualified personnel at reasonable cost. The document also describes security governance as a set of tools, roles and processes for formal risk management, including access control policies, data classification, and password management. The main purpose of security governance is to oversee cybersecurity teams and prioritize risks according to business needs.