Build a Security Governance and Management Plan
Establish the missing bridge between security and the business to support tomorrow’s enterprise with minimal resources.
RETIRED CONTENT
Please note that the content on this page is retired. This content is not maintained and may contain information or links that are out of date.
Non-existent security governance and management results in:
- Wasted investments in new security technologies.
- No oversight of the entire security program.
- The business is left to wonder how security is enabling them and helping them become safe.
- An ad hoc approach to new security threats.
A formal security governance and management program results in:
- A clear understanding of the business strategy & objectives in relation to security.
- Continuous improvement achieved through a good security measurement program.
- Cost savings from incident reductions and wise technology investing.
- Better people management from your end users to the executive board.
Book Your Workshop
Onsite Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn’t enough, we offer low-cost onsite delivery of our Project Workshops. We take you through every phase of your project and ensure that you have a road map in place to complete your project successfully.
Module 1: Assess Security Requirements
The Purpose
- Demonstrate the value of implementing or improving security governance and management for the business.
- Define the risk tolerance of the organization.
- Objectively assess security pressure posture based on our list of comprehensive criteria.
- Provide a security posture description that business stakeholders can easily digest.
Key Benefits Achieved
- Understand the value of information security governance.
- Gain a better understanding of the organization’s risk tolerance and security pressure posture.
| | Activities | Outputs |
|---|---|---|
| 1.1 | Define goals/objectives for the workshop. | |
| 1.2 | Demonstrate the value and challenges of security governance and management. | |
| 1.3 | Define the risk tolerance. | |
| 1.4 | Define the security pressure posture. | |
Module 2: Perform a Gap Analysis
The Purpose
- Define the current capabilities and maturity of security governance and management.
- Develop a security target state based on the organization’s security risk profile and conduct a gap analysis.
Key Benefits Achieved
- Visualize the organization’s current security capabilities and maturity level.
- Build the foundation for determining your security target state by understanding the organization’s security needs and scope.
| | Activities | Outputs |
|---|---|---|
| 2.1 | Assess current security capabilities and performance. | |
| 2.2 | Define security target state. | |
Module 3: Develop Gap Initiatives
The Purpose
- Develop gap initiatives to reach your security governance and management target state.
- Assess the organization’s readiness to implement the gap initiatives and scale the initiatives to develop a feasible implementation plan.
Key Benefits Achieved
- Identified gap initiatives to augment the security program.
- Understanding of the resources needed to implement all the initiatives.
| | Activities | Outputs |
|---|---|---|
| 3.1 | Identify security gaps. | |
| 3.2 | Build initiatives to bridge the gap. | |
| 3.3 | Estimate the resources needed. | |
| 3.4 | Prioritize gap initiatives. | |
| 3.5 | Determine start time and accountability. | |
Module 4: Implement Gap Initiatives
The Purpose
- Finalize and approve the roadmap and action plan.
- Develop governance and management deliverables to put the foundation in place.
- Develop effective metrics to measure the program.
Key Benefits Achieved
- Implementation timeline for the future.
- Governance and management deliverables to act as a starting point.
- Security metrics to implement.
| | Activities | Outputs |
|---|---|---|
| 4.1 | Finalize roadmap and action plan. | |
| 4.2 | Build out governance and management deliverables. | |
| 4.3 | Develop security metrics. | |