This phase of the process will allow you to create specific and actionable initiatives in order to raise the level of your security governance and management.
- Identify existing security gaps.
- Build initiatives to bridge the gap.
- Estimate the resources needed.
- Prioritize gap initiatives.
With prioritized gap initiatives, it then becomes possible to assemble an information security roadmap and action plan.