I am information security manager, Iso/CEI27001 Lead Auditor certified. During several years, my job was security governance and compliance auditor, also CISO advisor and I created several good practices guidebooks for big companies. Dashboards are today very badly used, it is easy to perceive it in organizational audit or in CISO support mission. Be "compliant", protecting the company from financial losses by providing results to insurers and not protecting the company from attacks is the new way to do security. Workers are constantly being asked for numbers. Those information are concatenated, absorbed, rereconcatained, etc ... the more one goes up in the hierarchy. In the end, security issues are totally drowned and other problems, which are more evident, are given priority in terms of processing. I propose an analysis of the practices and issues as well as recommendations for a new and more secure governance with a methodology based on ITIL methodology an Iso27001 standards.