- The rate of technological change is accelerating. Organizations continue to invest in technology to run the business, layering more systems to support remote work, enhance customer experience, and generate value.
- Meanwhile, security threats are growing. Disruptive cyberattacks are more prevalent, sophisticated, and impactful than ever, targeting organizations of all industries and sizes.
- Security leaders need to adopt a proactive approach to secure the organization now and prioritize funding to high-risk areas.
Our Advice
Critical Insight
- Technological change is increasing both the protect surface and the variety of tools available to secure it.
- Security frameworks are helpful, but they don’t describe how to gather business requirements, identify organizational risks, or set an appropriate target state for the program, or which controls to select to conduct an accurate gap analysis for the security program.
- The better security leaders can balance a budget that funds cyber resiliency and drives revenue, the more likely they are to progress in their career.
Impact and Result
Build a business-aligned, risk-aware, holistic security strategy:
- Gather business requirements to prioritize improvements.
- Assess risks, stakeholder expectations, and risk appetite to set meaningful targets.
- Do a comprehensive gap analysis to identify improvements.
- Build a flexible roadmap to set the program on the right footing.
Member Testimonials
After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve. See our top member experiences for this blueprint and what our clients have to say.
9.6/10
Overall Impact
$45,690
Average $ Saved
33
Average Days Saved
Client
Experience
Impact
$ Saved
Days Saved
County of Chesterfield, Virginia
Guided Implementation
10/10
$30,549
20
Efficient use of time with targeted focus on right tools and approach based on our current state.
CICSA CO OP Credit Union
Guided Implementation
10/10
$64,999
50
For me this is easily a $50k value add. EY, PWC etc. will charge $25k for a Cybersecurity Strategy and it will only entail a fraction of what Jo... Read More
City of Winter Park
Guided Implementation
10/10
$12,999
5
SaskEnergy
Workshop
10/10
$50,000
10
Sumit is a great facilitator. Best part was producing a much needed output in a prescribed period of time. Would have taken us much much longer i... Read More
California Department of Corrections & Rehabilitation
Guided Implementation
9/10
N/A
N/A
Erik is an experienced and well-informed expert. His experience provide value when it comes to developing successful strategies for our organiztio... Read More
City of Palm Beach Gardens
Guided Implementation
10/10
$12,999
100
Blandin Foundation
Guided Implementation
10/10
$12,999
20
Oregon Public Utility Commission
Guided Implementation
10/10
N/A
1
Advisors Excel, LLC
Workshop
10/10
$64,999
10
Michel Hebert was a great instructor and really made the workshop a great experience for me and my team. His approach and attitude towards everyon... Read More
Defence Construction Canada
Workshop
9/10
$50,000
20
Best: The analyst was really knowledgeable and facilitated the conversations during the entire process effectively. The exercise is very well stru... Read More
Municipality of Chatham-Kent
Guided Implementation
9/10
N/A
20
Tools were very helpful and Bobs guidance was spot on and very impactful. The tools were very sensitive to changes made to them which required a l... Read More
Sponsors For Educational Opportunity
Workshop
9/10
$38,999
32
It was detailed, valuable and the team was great. Definitely feel like we are in a better place and on a path. No worst parts.
East Bay Municipal Utility District
Guided Implementation
8/10
N/A
N/A
Helpful conversations with Bob as usual.
New Mexico Department Of Transportation
Workshop
10/10
$32,499
120
The InfoTech team was very knowledgeable about each domain. They supplied great advice to help develop the security strategy. The scheduling and ... Read More
Georgia Department of Banking and Finance
Guided Implementation
10/10
N/A
2
Cross Country Mortgage, Inc.
Guided Implementation
10/10
$64,999
20
American Integrity Insurance Company
Guided Implementation
10/10
$32,499
10
No worst parts. Eric was very good at pointing out a strong starting position and had a very practical approach at developing Security Policy wh... Read More
Board of Education of School Dist No. 61 (Greater Victoria)
Guided Implementation
10/10
$25,000
10
Petar is a fantastic resource. His expertise is coupled with patience and an ability to guid according to our organizational needs. We have not bee... Read More
HSS Enterprises Ltd c/o IKO
Guided Implementation
10/10
$10,000
20
It was all great. Fritz is a treasure trove. Enjoyed working with him and gain insights from his experience.
South Carolina Department of Employment and Workforce
Guided Implementation
10/10
N/A
4
I appreciate Jon's flexibility in our meeting. He was able to assess the current need for our conversation and pivot toward the gap analysis tool t... Read More
American National Insurance Company Inc
Workshop
10/10
$12,999
10
The facilitator (Sumit Chowdhury) was excellent at keeping the group focused and consistent in our appraisals of our activities throughout the enga... Read More
St. Mary's University
Guided Implementation
10/10
$32,499
120
Other than Michel's and the other Info-Tech folks experience and value, hard to estimate time and effort saved other than it was considerable.
Worldnet International
Guided Implementation
10/10
$129K
50
IHC New Zealand Incorporated
Guided Implementation
9/10
$28,599
9
The consultant (Robert) was well informed and had a very positive communication style. He was well supported by Sidhu and there were no negatives t... Read More
PrizePicks
Guided Implementation
10/10
$32,499
5
Hendra was an absolute delight to work with. He was pleasant, focused, knowledgeable, and basically impossible to fluster with my endless delays o... Read More
County of Nevada
Guided Implementation
9/10
N/A
5
Victor is a pleasure to work with. He is knowledgeable on the subject and takes the time to explain each step.
City of O'Fallon
Guided Implementation
10/10
N/A
120
We were steered towards targeted ways of improving our security rather than trying to identify them on our own.
Sioux Lookout Meno Ya Win Health Centre
Guided Implementation
9/10
$20,500
20
SCEE
Guided Implementation
10/10
$21,499
50
After a misfire with another consultant, Robert.D from InfoTech was able to quickly pickup from where we were and help complete the delivery of the... Read More
AHF Products
Guided Implementation
8/10
$9,099
10
Shashtri's understanding of the topic and use of the tools contributed to a worthwhile experience in time and effort.
Security Strategy
Tailor best practices to effectively manage information security.
This course makes up part of the Security & Risk Certificate.
- Course Modules: 5
- Estimated Completion Time: 1 hour
- Featured Analysts:
- Michel Hébert, Principal Research Director
Workshop: Build an Information Security Strategy
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Module 1: Assess Business Requirements
The Purpose
- Assess business requirements.
Key Benefits Achieved
- Identify security program alignment criteria.
Activities
Outputs
Understand business and IT strategy and plans.
- Goals cascade for the security program
Define business and compliance requirements.
- Goals cascade for the security program
Establish the security program scope.
- Security scope and boundaries statement
Analyze the organization’s risks and stakeholder pressures.
- Risk assessment and pressure analysis
Assess organizational risk appetite.
- Organizational risk appetite
Module 2: Perform a Gap Analysis
The Purpose
- Perform a gap analysis.
Key Benefits Achieved
- Define the program's target state.
- Assess the organization's current state.
Activities
Outputs
Define program target state.
- Information security target state
Assess current security capabilities.
- Security current-state assessment
Identify security gaps.
- Initiatives to address gaps
Build initiatives to bridge the gaps.
- Initiatives to address gaps
Module 3: Complete the Gap Analysis
The Purpose
- Complete the gap analysis.
Key Benefits Achieved
- Security program improvement tasks and initiatives
Activities
Outputs
Continue assessing security capabilities.
- Completed current-state assessment
Identify security gaps.
- Completed current-state assessment
Build task list.
- Task list to address gaps
Build initiatives list.
- Initiatives list to address gaps.
Module 4: Develop the Roadmap
The Purpose
- Develop the roadmap.
Key Benefits Achieved
- Security program roadmap
- Communication resources
Activities
Outputs
Conduct cost-benefit analysis.
- Information security roadmap
Prioritize initiatives.
- Information security roadmap
Discuss resourcing and accountability.
- Information security roadmap
Finalize security roadmap.
- Information security roadmap
Create communication plan.
- Draft communication deck
Module 5: Communicate and Implement
The Purpose
Finalize deliverables.
Key Benefits Achieved
Consolidate documentation into a finalized deliverable that can be used to present to executives and decision makers to achieve buy-in for the project.
Activities
Outputs
Support communication efforts.
- Security strategy roadmap documentation
Identify resources in support of priority initiatives.
- Detailed cost and effort estimates
- Mapping of Info-Tech resources against individual initiatives