Build an Information Security Strategy

Align the information security strategy to organizational goals and risks to create value.

Book This Workshop

Avoid:

  • Building a misaligned security program.
  • Investing too little or too much in the security program.
  • Missing key people, process or technology controls your organization needs to stay safe.

Build a comprehensive security program that:

  • Aligns to organizational goals.
  • Focuses on mitigating organizational risks.

Book Your Workshop

Onsite Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn’t enough, we offer low-cost onsite delivery of our Project Workshops. We take you through every phase of your project and ensure that you have a road map in place to complete your project successfully.

Book Now

Member Rating

9.6/10
Overall Impact

$46,692
Average $ Saved

36
Average Days Saved

After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.

Read what our members are saying

Module 1: Assess business requirements

The Purpose

  • Assess business requirements.

Key Benefits Achieved

  • Identify security program alignment criteria.

Activities: Outputs:
1.1 Understand business and IT strategy and plans.
1.2 Define business and compliance requirements.
1.3 Establish the security program scope.
1.4 Analyze the organization’s risks and stakeholder pressures.
1.5 Assess organizational risk appetite.
  • Goals cascade for the security program
  • Security scope and boundaries statement
  • Risk assessment and pressure analysis
  • Organizational risk appetite

Module 2: Perform a gap analysis

The Purpose

  • Perform a gap analysis.

Key Benefits Achieved

  • Define the program's target state.
  • Assess the organization's current state.

Activities: Outputs:
2.1 Define the information security target state.
2.2 Assess current security capabilities.
2.3 Identify security gaps.
2.4 Build initiatives to bridge the gaps.
  • Information security target state
  • Security current state assessment
  • Initiatives to address gaps

Module 3: Complete the gap analysis

The Purpose

  • Complete the gap analysis.

Key Benefits Achieved

  • Security program improvement tasks and initiatives

Activities: Outputs:
3.1 Continue assessing current security capabilities.
3.2 Identify security gaps.
3.3 Build initiatives to bridge the maturity gaps.
3.4 Identify initiative list and task list.
3.5 Define criteria to be used to prioritize initiatives.
  • Completed security current state assessment
  • Task list to address gaps
  • Initiative list to address gaps
  • Prioritization criteria

Module 4: Develop roadmap

The Purpose

  • Develop the roadmap.

Key Benefits Achieved

  • Security program roadmap
  • Communication resources

Activities: Outputs:
4.1 Conduct cost-benefit analysis on initiatives.
4.2 Prioritize gap initiatives based on cost, time, and alignment with the business.
4.3 Build effort map.
4.4 Determine start times and accountability.
4.5 Finalize security roadmap and action plan.
4.6 Create communication plan.
  • Information security roadmap
  • Draft communication deck
Visit our Exponential IT Research Center
Over 100 analysts waiting to take your call right now: 1-519-432-3550 x2019