Establish Effective Security Governance & Management

The key is in stakeholder interactions, not policy and process.

  • The security team is unsure of governance needs and how to manage them.
  • There is a lack of alignment between key stakeholder groups.
  • There are misunderstandings related to the role of policy and process.

Our Advice

Critical Insight

Good governance stems from a deep understanding of how stakeholder groups interact with each other and their respective accountabilities and responsibilities. Without these things, organizational functions tend to interfere with each other, blurring the lines between governance and management and promoting ad hoc decision-making that undermines governance.

Impact and Result

  • The first phase of this project will help you establish or refine your security governance and management by determining the accountabilities, responsibilities, and key interactions of your stakeholder groups.
  • In phase two, the project will guide you through the implementation of essential governance processes: setting up a steering committee, determining risk appetite, and developing a policy exception-handling process.

Establish Effective Security Governance & Management Research & Tools

1. Establish Effective Security Governance and Management Deck – A step-by-step guide to help you establish or refine the governance model for your security program.

This storyboard will take you through the steps to develop a security governance and management model and implement essential governance processes.

This project will involve evaluating your governance and management needs, aligning with the business, and building a model based on these inputs.

2. Design Your Governance Model – A security governance and management model to track accountabilities, responsibilities, stakeholder interactions, and the implementation of key governance processes.

This tool will help you determine governance and management accountabilities and responsibilities and use them to build a visual governance and management model.

3. Organizational Structure Template – A tool to address structural issues that may affect your new governance and management model.

This template will help you to implement or revise your organizational structure.

4. Information Security Steering Committee Charter & RACI – Templates to formalize the role of your steering committee and the oversight it will provide.

These templates will help you determine the role a steering committee will play in your governance and management model.

5. Security Policy Lifecycle Template – A template to help you model your policy lifecycle.

Once this governing document is customized, ensure the appropriate security policies are developed as well.

6. Security Policy Exception Approval Process Templates – Templates to establish an approval process for policy exceptions and bolster policy governance and risk management.

These templates will serve as the foundation of your security policy exception approval processes.


Member Testimonials

After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve. See our top member experiences for this blueprint and what our clients have to say.

Overall Impact: 10.0/10
Average $ Saved: $19,350
Average Days Saved: 13

| Client | Experience | Impact | $ Saved | Days Saved | Comment |
|---|---|---|---|---|---|
| Donor Network West | Guided Implementation | 10/10 | $13,700 | 5 | Getting expert understanding in this space is very important to our organization. Worst part is when the models don't have clear definition on the ... |
| ATS CORPORATION | Guided Implementation | 10/10 | $25,000 | 20 | Fritz Jean-Lois provided valuable guidance in quickly developing our security governance and management plan to support our goal of maturing the se... |
| Sage Therapeutics | Workshop | 10/10 | N/A | N/A | The workshop was very insightful and I enjoyed the workshop immensely. Working through the charters and learning how to maximize our use of the to... |
| NMB BANK PLC. | Guided Implementation | 10/10 | $12,599 | 50 | The best experience was when Logan was explaining to me different options available with infotech, that opened my eyes for change of direction on m... |
| The University Of Manchester | Guided Implementation | 9/10 | $152K | 20 | |
| Wonder Brands Inc. | Guided Implementation | 8/10 | N/A | 5 | |
| DAI Global, LLC | Guided Implementation | 9/10 | $12,399 | 5 | I very much appreciate the knowledgeable experts who helped us quickly understand an approach to get our arms around a way to move forward with eva... |
| Elementis Specialties | Guided Implementation | 10/10 | N/A | 120 | |
| City of Kirkland | Guided Implementation | 10/10 | N/A | N/A | |
| Allegis | Guided Implementation | 10/10 | $2,546 | 5 | Filipe is very knowledgeable on the topic and the other resources that Infotech has available. |
| Clark Schaefer Hackett | Guided Implementation | 10/10 | $3,820 | 20 | Having Kevin's expertise to help me through this project was very helpful. |


Security Management

Establish the missing bridge between security and the business to support tomorrow's enterprise with minimal resources.

This course makes up part of the Security & Risk Certificate.


  • Course Modules: 3
  • Estimated Completion Time: 1 hour
  • Featured Analysts: Logan Rohde, Senior Research Analyst, Security Practice


About Info-Tech

Info-Tech Research Group is the world’s fastest-growing information technology research and advisory company, proudly serving over 30,000 IT professionals.

We produce unbiased and highly relevant research to help CIOs and IT leaders make strategic, timely, and well-informed decisions. We partner closely with IT teams to provide everything they need, from actionable tools to analyst guidance, ensuring they deliver measurable results for their organizations.

What Is a Blueprint?

A blueprint is designed to be a roadmap, containing a methodology and the tools and templates you need to solve your IT problems.

Each blueprint can be accompanied by a Guided Implementation that provides you access to our world-class analysts to help you get through the project.

Need Extra Help?
Speak With An Analyst

Get the help you need in this 2-phase advisory process. You'll receive 8 touchpoints with our researchers, all included in your membership.

Guided Implementation 1: Design your governance model
  • Call 1: Scope requirements, objectives, and your specific challenges.
  • Call 2: Determine governance requirements.
  • Call 3: Review governance model.
  • Call 4: Determine KPIs.

Guided Implementation 2: Implement essential governance processes
  • Call 1: Stand up steering committee.
  • Call 2: Set risk appetite.
  • Call 3: Establish policy lifecycle.
  • Call 4: Revise exception-handling process.

Author

Logan Rohde

Contributors

  • Michelle Tran, Consulting Industry
  • 1 anonymous