Design and Implement a Business-Aligned Security Program
Focus on Business Value First.
RETIRED CONTENT
Please note that the content on this page is retired. This content is not maintained and may contain information or links that are out of date.Organizations with a misaligned security program have:
- A greater incident rate.
- More costly data breaches.
- Less business satisfaction with the security program.
- Less confidence in the security program and its leadership.
Design a business-aligned security program to:
- Improve your credibility as a business leader.
- Increase senior management's confidence in the security program.
- Reduce the number and impact of security incidents.
- Reduce the average cost of data breaches.
Book Your Workshop
Onsite Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn’t enough, we offer low-cost onsite delivery of our Project Workshops. We take you through every phase of your project and ensure that you have a road map in place to complete your project successfully.
Module 1: Initial Security Program Design
The Purpose
Determine the initial design of your security program.
Key Benefits Achieved
An initial prioritized list of security capabilities that aligns with enterprise strategy and goals.
| Activities: | Outputs: | |
|---|---|---|
| 1.1 | Review Info-Tech diagnostic results. |
|
| 1.2 | Identify project context. |
|
| 1.3 | Identify enterprise strategy. |
|
| 1.4 | Identify enterprise goals. |
|
| 1.5 | Build a goal cascade. |
|
| 1.6 | Assess the risk profile. |
|
| 1.7 | Identify IT-related issues. |
|
| 1.8 | Evaluate initial program design. |
|
Module 2: Refine Security Program Capabilities
The Purpose
Refine the design of your security program.
Key Benefits Achieved
A refined, prioritized list of security capabilities that reflects what makes your organization unique.
| Activities: | Outputs: | |
|---|---|---|
| 2.1 | Gauge threat landscape. |
|
| 2.2 | Identify compliance requirements. |
|
| 2.3 | Categorize the role of IT. |
|
| 2.4 | Identify the sourcing model. |
|
| 2.5 | Identify the IT implementation model. |
|
| 2.6 | Identify the tech adoption strategy. |
|
| 2.7 | Refine the scope of the program. |
|
Module 3: Security Program Gap Analysis
The Purpose
Finalize security program design.
Key Benefits Achieved
- Key accountabilities to support the security program
- Gap analysis to produce an improvement plan
| Activities: | Outputs: | |
|---|---|---|
| 3.1 | Identify program accountabilities. |
|
| 3.2 | Conduct program gap analysis. |
|
| 3.3 | Prioritize initiatives. |
|
Module 4: Roadmap and Implementation Plan
The Purpose
Create and communicate an improvement roadmap for the security program.
Key Benefits Achieved
Security program design and implementation plan to organize and communicate program improvements.
| Activities: | Outputs: | |
|---|---|---|
| 4.1 | Build program roadmap |
|
| 4.2 | Finalize implementation plan |
|
| 4.3 | Sponsor check-in |
|