- Todd Felton, Security Architect, OCLC
- Darwin Ammala, Information Security Manager, Comprehensive Health Services Inc.
- Organizations do not have a solid grasp on the complexity of their infrastructure and are unaware of the overall risk to their infrastructure posed by inadequate security.
- Organizations do not understand how to properly create and deliver value propositions of technical security solutions.
- The security architecture is a living, breathing thing based on the risk profile of your organization.
- Compliance and risk mitigation create an intertwined relationship between the business and your security architecture. The security architecture roadmap must be regularly assessed and continuously maintained to ensure security controls align with organizational objectives.
Impact and Result
- A right-sized security architecture can be created by assessing the complexity of the IT department, the operations currently underway for security, and the perceived value of a security architecture within the organization. This will bring about a deeper understanding of the organizational infrastructure.
- Developing a security architecture should also result in a list of opportunities (i.e. initiatives) that an organization can integrate into a roadmap. These initiatives will seek to improve security operations and strengthen the IT department’s understanding of security’s role within the organization.
- A better understanding of the infrastructure will save time in determining which technologies are required from vendors, and therefore cut down on vendor noise.
- Creating a defensible roadmap will assist with justifying future security spend.
This guided implementation is an eight-call advisory process.
Guided Implementation #1 - Identify the organization’s ideal security architecture
Call #1 - Get an overview of the project
Call #2 - Review the IT Complexity Assessment
Call #3 - Walk through the Operational Assessment
Call #4 - Review the Operational Assessment
Call #5 - Review the Security Architecture Value Assessment
Call #6 - Review the assessment results
Guided Implementation #2 - Create a security program roadmap