Recommended Key Initiative Plan

These 9 initiatives have been found to elicit the most significant measurable impact for professionals in this role.

Diagnose Security Issues

Despite all the security-related headlines in the news over the past few years, 94% of companies have experienced data breaches due to being stuck in reactive mode for operations.

Download Research

Activities

  • Diagnose your security function to assess areas of maturity
  • Penetration test critical systems and perimeter operations
  • Assess known areas of security weakness for mitigation effectiveness

Benefits

  • Gain knowledge of current state of security operations
  • Gain an understanding of primary areas to start assessment for improvement

Build an Information Security Strategy

90% of companies are still in reactive mode when handling security issues. Elevate your security operations out of reactive "block and tackle" models and become a proactive juggernaut.

Download Research

Activities

  • Assess your security requirements based on business-critical operations and areas of focus
  • Perform a gap analysis to align future state with business plans
  • Develop strategic/tactical deployment plans

Benefits

  • Create a security strategy that will grow with your business model
  • Ensure that the security strategy will be nimble, elastic, and flexible to allow for future growth and technology adoption

Optimize Security Mitigation Effectiveness

The IT landscape evolves every 3 years, and security controls become obsolete over time. Being able to measure mitigation effectiveness leads to security excellence.

Download Research

Activities

  • Define and update your operational threat models
  • Review current mitigations to ensure that they are still effective for the current business models
  • Retire ineffective mitigations to optimize the security spend

Benefits

  • Repurpose and remove obsolete security controls
  • Ensure that the proper amount of security effort is being deployed at any time

Consolidate Security Risk Management Solutions

CISOs and CIOs must understand how to assess risk. It's easy to describe the value of risk management, but the question becomes how to manage the risk.

Download Research

Activities

  • Develop a risk assessment process to understand the current environment
  • Build a risk inventory for visibility
  • Define your tolerance levels
  • Measure business impact from potential risks

Benefits

  • Security risks are identified and evaluated using a consistent and quantifiable framework
  • Increase security effectiveness and culture by incorporating into IT operations

Develop a Security Incident Management Program

Security incidents are inevitable, but how they're dealt with can make or break an organization. Poor incident response negatively impacts the business in multiple ways.

Download Research

Activities

  • Prepare your organization for incident response with formally documented policies
  • Build a customized incident response plan library
  • Optimize the incident management process by tracking metrics

Benefits

  • Respond faster and more effectively by leveraging a mature process
  • Turn potential breaches into minor incidents

Build a Security Awareness and Training Program

The #1 method of penetration by hackers is social engineering against humans. The best technology cannot prevent untrained humans from providing hackers with critical access information.

Download Research

Activities

  • Assess and understand the human roles within a company and the threat models they define
  • Assess and plan an educational model to establish a culture of security
  • Define a training and testing model

Benefits

  • Significantly reduce susceptibility of end users as attack vectors
  • Socialization of security into corporate culture as a proactive protection environment

Develop and Deploy Security Policies

Many companies still use regulatory governance as their policy control rather than using their business' DNA to create policy. Make policy work for you to enhance your company's security.

Download Research

Activities

  • Align your security policy with business imperatives; assess and prioritize policies
  • Develop a fundamental policy suite that covers all functional areas
  • Develop a procedural policy suite

Benefits

  • Develop a guideline for your business' security controls, methods, and standards
  • Create a policy suite that is properly aligned to business objectives

Select and Implement a Governance, Risk, and Compliance Solution

Get the big picture of roles and responsibilities, operations, and compliance obligations and be able to manage them within one solution.

Download Research

Activities

  • Decide what kind of GRC solution is for you: a full-on investment in technology or a value-conscious option
  • Familiarize yourself with the product space and which features each one offers
  • Prepare to roll out your GRC strategy

Benefits

  • The work of evaluating GRC solutions is done for you through our report
  • Use our tools and templates to make an informed decision on what to pursue in this space

Build a Risk-Based Security Budget

For years, security operations have been improperly seen as a cost center. Help your C-suite and board of directors see the value of security operations.

Download Research

Activities

  • Assess the drivers of security costs and headcount
  • Learn when to depreciate older, less effective security solutions
  • Create a strategic security solution evolution model to invest in the appropriate tools at the right time

Benefits

  • Effectively show the C-suite and board of directors that security is not just a cost center
  • Align risk models and security costs to business objectives
1 / 9
  • 1. Diagnose Security Issues
  • 2. Build an Information Security Strategy
  • 3. Optimize Security Mitigation Effectiveness
  • 4. Consolidate Security Risk Management Solutions
  • 5. Develop a Security Incident Management Program
  • 6. Build a Security Awareness and Training Program
  • 7. Develop and Deploy Security Policies
  • 8. Select and Implement a Governance, Risk, and Compliance Solution
  • 9. Build a Risk-Based Security Budget

Security Risk, Strategy & Governance

Featured Blueprints

Security Priorities 2022

April 19, 2022

The Security Priorities 2022 report identifies what CISOs should be focusing on this year and how to take action.

Integrate IT Risk Into Enterprise Risk

April 01, 2022

Integrate IT risks into the enterprise risk management (ERM) program to make strategic risk-informed decisions that drive the organization forward ...

Build an IT Risk Management Program

April 01, 2022

Managing risk has never been more important. Ensure that your organization has an established and manageable way of governing a process related to ...

Discover and Classify Your Data

December 13, 2021

The sensitivity of data varies significantly, from public information to highly confidential trade secrets. To ensure proper protection, businesses...

Mature Your Privacy Operations

October 20, 2021

This blueprint will help you to operationalize your privacy program by guiding you through processes related to determining your current state, dra...

Threat Preparedness Using MITRE ATT&CK®

August 10, 2021

Info-Tech has developed an approach to prioritizing the threat areas that are most pressing to your enterprise. Using the MITRE ATT&CK framework, i...

Embed Privacy and Security Culture Within Your Organization

May 27, 2021

A strong security program and privacy framework are fundamental to successful organizations and require a proactive approach that embeds principles...

Assess the Viability of M365/O365 Security Add-Ons

May 10, 2021

Your security budget is being slashed and you need to find creative ways of securing the environment. You are familiar with Microsoft, but it’s nev...

Browse Topics

Data Privacy
Governance, Risk & Compliance
Security Strategy & Budgeting

Resources

Tools

View all 82 Tools

Templates & Policies

View all 114 Templates & Policies

Security Threat Intelligence

View all 51 Security Threat Intelligence

Security Technology & Operations

Featured Blueprints

Assess and Govern Identity Security

December 03, 2021

Security leaders view modernizing identity security as too daunting and prefer to focus on narrower technology challenges. This limited focus is re...

Implement Risk-Based Vulnerability Management

April 16, 2021

Vulnerabilities will always exist. Addressing these will consume your department’s time and resources, and your efforts will quickly become stale a...

Identify the Components of Your Cloud Security Architecture

March 12, 2021

Info-Tech has developed an approach to cloud security that is built on the strong foundations of our security strategy model that has been successf...

Create a Ransomware Incident Response Plan

March 09, 2021

Ransomware has the attention of every executive team. The challenge is translating that attention into specific actions to improve your organizatio...

Mature Your Identity and Access Management Program

November 05, 2020

Weak identity and access management (IAM) practices result in considerable risk to the organization because IAM plays a role in most things in IT. ...

Build a Cloud Security Strategy

October 06, 2020

Info-Tech has developed an approach to cloud security that is built on the strong foundations of our security strategy model that has been successf...

Build a Security Metrics Program to Drive Maturity

September 18, 2020

Many security leaders put off adding metrics to their program because they don't know where to start or how to assess what is worth measuring.

Design a Coordinated Vulnerability Disclosure Program

August 10, 2020

Businesses prioritize speed to market over secure coding and testing practices in the development lifecycle. As a result, vulnerabilities exist nat...

Browse Topics

Endpoint Security
Identity & Access Management
Secure Cloud & Network Architecture
Security Processes & Operations
Threat Intelligence & Incident Response

Resources

Tools

View all 63 Tools

Templates & Policies

View all 115 Templates & Policies

Security Threat Intelligence

View all 51 Security Threat Intelligence

Visit our COVID-19 Resource Center and our Cost Management Center
Over 100 analysts waiting to take your call right now: 1-519-432-3550 x2019
© Info-Tech Research Group | Terms of Use | Privacy Policy