Build an Information Security Strategy

Align the information security strategy to organizational goals and risks to create value.

Book This Workshop


  • Building a misaligned security program.
  • Investing too little or too much in the security program.
  • Missing key people, process or technology controls your organization needs to stay safe.

Build a comprehensive security program that:

  • Aligns to organizational goals.
  • Focuses on mitigating organizational risks.

Book Your Workshop

Onsite Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn’t enough, we offer low-cost onsite delivery of our Project Workshops. We take you through every phase of your project and ensure that you have a road map in place to complete your project successfully.

Book Now

Member Rating

Overall Impact

Average $ Saved

Average Days Saved

After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.

Read what our members are saying

Module 1: Assess Business Requirements

The Purpose

  • Assess business requirements.

Key Benefits Achieved

  • Identify security program alignment criteria.

Activities: Outputs:
1.1 Understand business and IT strategy and plans.
  • Goals cascade for the security program
1.2 Define business and compliance requirements.
  • Goals cascade for the security program
1.3 Establish the security program scope.
  • Security scope and boundaries statement
1.4 Analyze the organization’s risks and stakeholder pressures.
  • Risk assessment and pressure analysis
1.5 Assess organizational risk appetite.
  • Organizational risk appetite

Module 2: Perform a Gap Analysis

The Purpose

  • Perform a gap analysis.

Key Benefits Achieved

  • Define the program's target state.
  • Assess the organization's current state.

Activities: Outputs:
2.1 Define program target state.
  • Information security target state
2.2 Assess current security capabilities.
  • Security current-state assessment
2.3 Identify security gaps.
  • Initiatives to address gaps
2.4 Build initiatives to bridge the gaps.
  • Initiatives to address gaps

Module 3: Complete the Gap Analysis

The Purpose

  • Complete the gap analysis.

Key Benefits Achieved

  • Security program improvement tasks and initiatives

Activities: Outputs:
3.1 Continue assessing security capabilities.
  • Completed current-state assessment
3.2 Identify security gaps.
  • Completed current-state assessment
3.3 Build task list.
  • Task list to address gaps
3.4 Build initiatives list.
  • Initiatives list to address gaps.

Module 4: Develop the Roadmap

The Purpose

  • Develop the roadmap.

Key Benefits Achieved

  • Security program roadmap
  • Communication resources

Activities: Outputs:
4.1 Conduct cost-benefit analysis.
  • Information security roadmap
4.2 Prioritize initiatives.
  • Information security roadmap
4.3 Discuss resourcing and accountability.
  • Information security roadmap
4.4 Finalize security roadmap.
  • Information security roadmap
4.5 Create communication plan.
  • Draft communication deck

Module 5: Communicate and Implement

The Purpose

Finalize deliverables.

Key Benefits Achieved

Consolidate documentation into a finalized deliverable that can be used to present to executives and decision makers to achieve buy-in for the project.

Activities: Outputs:
5.1 Support communication efforts.
  • Security strategy roadmap documentation
5.2 Identify resources in support of priority initiatives.
  • Detailed cost and effort estimates
  • Mapping of Info-Tech resources against individual initiatives
Visit our Exponential IT Research Center
Over 100 analysts waiting to take your call right now: 1-519-432-3550 x2019