Recommended Key Initiative Plan

These 9 initiatives have been found to elicit the most significant measurable impact for professionals in this role.

Diagnose Security Issues

Despite all the security-related headlines in the news over the past few years, 94% of companies have experienced data breaches due to being stuck in reactive mode for operations.

Download Research

Activities

  • Diagnose your security function to assess areas of maturity
  • Penetration test critical systems and perimeter operations
  • Assess known areas of security weakness for mitigation effectiveness

Benefits

  • Gain knowledge of current state of security operations
  • Gain an understanding of primary areas to start assessment for improvement

Build an Information Security Strategy

90% of companies are still in reactive mode when handling security issues. Elevate your security operations out of reactive "block and tackle" models and become a proactive juggernaut.

Download Research

Activities

  • Assess your security requirements based on business-critical operations and areas of focus
  • Perform a gap analysis to align future state with business plans
  • Develop strategic/tactical deployment plans

Benefits

  • Create a security strategy that will grow with your business model
  • Ensure that the security strategy will be nimble, elastic, and flexible to allow for future growth and technology adoption

Optimize Security Mitigation Effectiveness

The IT landscape evolves every 3 years, and security controls become obsolete over time. Being able to measure mitigation effectiveness leads to security excellence.

Download Research

Activities

  • Define and update your operational threat models
  • Review current mitigations to ensure that they are still effective for the current business models
  • Retire ineffective mitigations to optimize the security spend

Benefits

  • Repurpose and remove obsolete security controls
  • Ensure that the proper amount of security effort is being deployed at any time

Consolidate Security Risk Management Solutions

CISOs and CIOs must understand how to assess risk. It's easy to describe the value of risk management, but the question becomes how to manage the risk.

Download Research

Activities

  • Develop a risk assessment process to understand the current environment
  • Build a risk inventory for visibility
  • Define your tolerance levels
  • Measure business impact from potential risks

Benefits

  • Security risks are identified and evaluated using a consistent and quantifiable framework
  • Increase security effectiveness and culture by incorporating into IT operations

Develop a Security Incident Management Program

Security incidents are inevitable, but how they're dealt with can make or break an organization. Poor incident response negatively impacts the business in multiple ways.

Download Research

Activities

  • Prepare your organization for incident response with formally documented policies
  • Build a customized incident response plan library
  • Optimize the incident management process by tracking metrics

Benefits

  • Respond faster and more effectively by leveraging a mature process
  • Turn potential breaches into minor incidents

Build a Security Awareness and Training Program

The #1 method of penetration by hackers is social engineering against humans. The best technology cannot prevent untrained humans from providing hackers with critical access information.

Download Research

Activities

  • Assess and understand the human roles within a company and the threat models they define
  • Assess and plan an educational model to establish a culture of security
  • Define a training and testing model

Benefits

  • Significantly reduce susceptibility of end users as attack vectors
  • Socialization of security into corporate culture as a proactive protection environment

Develop and Deploy Security Policies

Many companies still use regulatory governance as their policy control rather than using their business' DNA to create policy. Make policy work for you to enhance your company's security.

Download Research

Activities

  • Align your security policy with business imperatives; assess and prioritize policies
  • Develop a fundamental policy suite that covers all functional areas
  • Develop a procedural policy suite

Benefits

  • Develop a guideline for your business' security controls, methods, and standards
  • Create a policy suite that is properly aligned to business objectives

Select and Implement a Governance, Risk, and Compliance Solution

Get the big picture of roles and responsibilities, operations, and compliance obligations and be able to manage them within one solution.

Download Research

Activities

  • Decide what kind of GRC solution is for you: a full-on investment in technology or a value-conscious option
  • Familiarize yourself with the product space and which features each one offers
  • Prepare to roll out your GRC strategy

Benefits

  • The work of evaluating GRC solutions is done for you through our report
  • Use our tools and templates to make an informed decision on what to pursue in this space

Build a Risk-Based Security Budget

For years, security operations have been improperly seen as a cost center. Help your C-suite and board of directors see the value of security operations.

Download Research

Activities

  • Assess the drivers of security costs and headcount
  • Learn when to depreciate older, less effective security solutions
  • Create a strategic security solution evolution model to invest in the appropriate tools at the right time

Benefits

  • Effectively show the C-suite and board of directors that security is not just a cost center
  • Align risk models and security costs to business objectives
1 / 9
  • 1. Diagnose Security Issues
  • 2. Build an Information Security Strategy
  • 3. Optimize Security Mitigation Effectiveness
  • 4. Consolidate Security Risk Management Solutions
  • 5. Develop a Security Incident Management Program
  • 6. Build a Security Awareness and Training Program
  • 7. Develop and Deploy Security Policies
  • 8. Select and Implement a Governance, Risk, and Compliance Solution
  • 9. Build a Risk-Based Security Budget

Security Risk, Strategy & Governance

Featured Blueprints

Prepare for PCI DSS v4.0

November 28, 2022

In March of 2022 the PCI Security Standards Council published version 4.0 of the PCI Data Security Standard. This client advisory deck will guide m...

Privacy by Design for Digital Marketing

November 02, 2022

This research will help you embed privacy by design principles into the digital marketing lifecycle and processes to enable business growth while m...

Develop and Deploy Security Policies

October 19, 2022

Informal, un-rationalized, ad hoc policies are ineffective because they do not explicitly outline responsibilities or compliance requirements, and ...

Build an Effective Data Retention Program

September 08, 2022

This research will help you to determine data retention requirements, create a retention schedule, identify at-risk data, and manage manual data de...

Build a Security Compliance Program

August 23, 2022

Mastering a cost-effective approach to cybersecurity and data protection compliance can provide organizations with a clear strategic advantage. Tak...

Build a Zero Trust Roadmap

August 16, 2022

Move from a perimeter-based approach to security toward an “Always Verify” approach by creating a zero trust strategy and the roadmap to deploy it.

Secure Operations in High-Risk Jurisdictions

August 11, 2022

Security leaders who support operations in high-risk jurisdictions contend with unique risk scenarios, including local compliance risk, high-risk t...

Security Priorities 2022

April 19, 2022

The Security Priorities 2022 report identifies what CISOs should be focusing on this year and how to take action.

Browse Topics

Data Privacy
Governance, Risk & Compliance
Security Strategy & Budgeting

Resources

Tools

View all 90 Tools

Templates & Policies

View all 115 Templates & Policies

Security Threat Intelligence

View all 57 Security Threat Intelligence

Security Technology & Operations

Featured Blueprints

Passwordless Authentication

December 01, 2022

End users have 191 passwords to remember – can infrastructure and operations make life better for users while actually enhancing security? Understa...

Develop and Deploy Security Policies

October 19, 2022

Informal, un-rationalized, ad hoc policies are ineffective because they do not explicitly outline responsibilities or compliance requirements, and ...

Build a Service-Based Security Resourcing Plan

September 23, 2022

The blueprint will help you to define your security roles, service offerings, estimate service demand, and determine required FTEs.

Assess and Govern Identity Security

December 03, 2021

Security leaders view modernizing identity security as too daunting and prefer to focus on narrower technology challenges. This limited focus is re...

Implement Risk-Based Vulnerability Management

April 16, 2021

Vulnerabilities will always exist. Addressing these will consume your department’s time and resources, and your efforts will quickly become stale a...

Identify the Components of Your Cloud Security Architecture

March 12, 2021

Info-Tech has developed an approach to cloud security that is built on the strong foundations of our security strategy model that has been successf...

Create a Ransomware Incident Response Plan

March 09, 2021

Ransomware has the attention of every executive team. The challenge is translating that attention into specific actions to improve your organizatio...

Mature Your Identity and Access Management Program

November 05, 2020

Weak identity and access management (IAM) practices result in considerable risk to the organization because IAM plays a role in most things in IT. ...

Browse Topics

Endpoint Security
Identity & Access Management
Secure Cloud & Network Architecture
Security Processes & Operations
Threat Intelligence & Incident Response

Resources

Tools

View all 62 Tools

Templates & Policies

View all 102 Templates & Policies

Security Threat Intelligence

View all 57 Security Threat Intelligence

Visit our IT Cost Optimization Center
Over 100 analysts waiting to take your call right now: 1-519-432-3550 x2019
© Info-Tech Research Group | Terms of Use | Privacy Policy