- Peter Clay, Zeneth Tech Partners, Principal
- Ken Towne, Zeneth Tech Partners, Security Architect
- Luciano Siqueria, Road Track, IT Security Manager
- David Rahbany, The Hain Celestial Group, Director IT Infrastructure
- Rick Vadgama, Cimpress, Head of Information Privacy and Security
- Doug Salah, Wabtec Corp, Manager of Information Security and IT Audit
- Peter Odegard, Children’s Hospitals and Clinics, Information Security Officer
- Trevor Butler, City of Lethbridge, Information Technology General Manager
- Shane Callahan, Tractor Supply, Director of Information Security
- Jeff Zalusky, Chrysalis, President/CEO
- Candy Alexander, Independent Consultant, Cybersecurity and Information Security Executive
- Dan Humbert, YMCA of Central Florida, Director of Information Technology
- Ron Kirkland, Crawford & Co, Manager ICT Security & Customer Service
- Jason Bevis, FireEye, Senior Director Orchestration Product Management – Office of the CTO
- Joan Middleton, Village of Mount Prospect, IT Director
- Jim Burns, GreatAmerica Financial Services, Vice President Information Technology
- Ryan Breed, Hudson’s Bay, Information Security Analyst
- James Fielder, Farm Credit Services – Central Illinois, Vice President of Information Systems
- Ironically, the misconception that small enterprises are less targeted due to having less-valuable assets has led to increases in breaches as these organizations have failed to strengthen their defense against threat, which has increased their vulnerability in the wake of more advanced, automated, and indiscriminate cyberattacks.
- Just because you haven’t identified a breach doesn’t mean you’re secure. A good security program is proactive about closing security gaps because ignorance is never blissful.
Impact and Result
- Security requirements gathering across the organization, key stakeholders, customers, regulators, and other parties ensures the security strategy is built in alignment with and supportive of strategies and plans.
- Info-Tech’s small enterprise security framework ensures the appropriate areas of security are made the primary focus of your current/target state assessment and strategy.
- Tested and proven rationalization and prioritization methodologies ensure the strategy you generate is not only the one the organization needs, but also the one the organization will support.
This guided implementation is a seven call advisory process.
Guided Implementation #1 - Assess security requirements
Call #1 - Introduce project and complete pressure analysis.
Call #2 - Define security obligations and organizational risk tolerance level.
Guided Implementation #2 - Build a gap initiative strategy
Call #1 - Introduce the maturity assessment.
Call #2 - Perform gap analysis and translate into initiatives (often several calls to work through the gap analysis).
Guided Implementation #3 - Prioritize initiatives and build roadmap
Call #1 - Consolidate related gap initiatives.
Call #2 - Review cost/benefit analysis and build an effort map.
Call #3 - Build implementation waves and introduce Gantt chart.
Book Your Workshop
Onsite workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost onsite delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Module 1: Assess Security Requirements
- Determine the business, customer, and compliance goals and obligations that the security strategy must support.
- Define organizational security risk tolerance.
Key Benefits Achieved
- Clear understanding of how to align the security strategy with the business.
- Formalized and documented security pressure and risk tolerance information.
Discuss business and IT strategy and plans.
- Shared understanding of security strategy drivers
Define business, customer, and compliance goals and obligations.
- Information security alignment and obligations statement
Define information security risk tolerance.
- Defined information security risk tolerance
Module 2: Perform a Gap Analysis
- Identify current and target security capabilities and what would be required to achieve the target state.
Key Benefits Achieved
- Comprehensive list of all initiatives that could be undertaken to achieve security targets in every area.
Assess current and target security capabilities.
- Current- vs. target-state gap analysis
Define gap initiatives to achieve target state.
- Actionable initiatives to resolve security gaps
Module 3: Plan for the Transition
- Prioritize the order of execution for security initiatives.
Key Benefits Achieved
- Prioritized roadmap of security initiatives and persuasive rationale for stakeholders.
Build effort map and prioritize gap initiatives.
Build roadmap for execution order for gap initiatives.
- Security strategy roadmap and action plan
After each Info-Tech experience, we ask our members to quantify the real time savings, monetary impact, and project improvements our research helped them achieve. See our top member experiences for this Blueprint, and what our clients have to say.