Build a Security Governance and Management Plan

Establish the missing bridge between security and the business to support tomorrow’s enterprise with minimal resources.

Onsite Workshop

Non-existent security governance and management results in:

  • Wasted investments in new security technologies.
  • No oversight of the entire security program.
  • The business is left to wonder how security is enabling them and helping them become safe.
  • An ad hoc approach to new security threats.

A formal security governance and management program results in:

  • A clear understanding of the business strategy & objectives in relation to security.
  • Continuous improvement achieved through a good security measurement program.
  • Cost savings from incident reductions and wise technology investing.
  • Better people management from your end users to the executive board.

Module 1: Assess Security Requirements

The Purpose

  • Demonstrate the value of implementing or improving security governance and management for the business.
  • Define the risk tolerance of the organization.
  • Objectively assess security pressure posture based on our list of comprehensive criteria.
  • Provide a security posture description that business stakeholders can easily digest. 

Key Benefits Achieved

  • Understand the value of information security governance.
  • Gain a better understanding of the organization’s risk tolerance and security pressure posture. 

Activities: Outputs:
1.1 Define goals/objectives for the workshop.
1.2 Demonstrate the value and challenges of security governance and management.
  • Identified security target state.
1.3 Define the risk tolerance.
  • Defined risk tolerance.
1.4 Define the security pressure posture.
  • Defined security pressure posture.

Module 2: Perform a Gap Analysis

The Purpose

  • Define the current security capabilities and maturity of the governance and management.
  • Develop a security target state based on the organization’s security risk profile and conduct a gap analysis. 

Key Benefits Achieved

  • Visualize the organization’s current security capabilities and maturity level.
  • Build the foundation for determining your security target state by understanding the organization’s security needs and scope. 

Activities: Outputs:
2.1 Assess current security capabilities and performance.
  • Determined current security maturity levels.
2.2 Define security target state.
  • Identified security target state.

Module 3: Develop Gap Initiatives

The Purpose

  • Develop gap initiatives to reach your security governance and management target state.
  • Assess the organization’s readiness to implement the gap initiatives and scale the initiatives to develop a feasible implementation plan. 

Key Benefits Achieved

  • Identified gap initiatives to augment the security program.
  • Understanding of the resources needed to implement all the initiatives. 

Activities: Outputs:
3.1 Identify security gaps.
  • Future state - current state gap analysis.
3.2 Build initiatives to bridge the gap.
  • Initiatives to address the gap.
3.3 Estimate the resources needed.
  • Estimated effort needed.
3.4 Prioritize gap initiatives.
  • Budget & resource readiness analysis.
3.5 Determine start time and accountability.

Module 4: Implement Gap Initiatives

The Purpose

  • Finalization and approval of the final roadmap and action plan.
  • Development of various governance and management deliverables to lay the foundation.
  • Development of effective metrics in order to measure the program. 

Key Benefits Achieved

  • Implementation timeline for the future.
  • Governance and management deliverables to act as a starting point.
  • Security metrics to implement. 

Activities: Outputs:
4.1 Finalize roadmap and action plan.
  • Finalized roadmap and action plan.
4.2 Build out governance and management deliverables.
  • Finalized governance and management deliverables, such as a charter, organizational structure, and HR security policy.
4.3 Develop security metrics.
  • Effective security metrics.

Book Your Workshop

Onsite Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn’t enough, we offer low-cost onsite delivery of our Project Workshops. We take you through every phase of your project and ensure that you have a road map in place to complete your project successfully.
