Build an Information Security Strategy

Tailor best practices to effectively manage information security.

Onsite Workshop

The lack of a good security strategy and roadmap results in:

  • Overengineering or underengineering in security efforts.
  • The inability to articulate how security supports the business, resulting in the lack of management buy-in.
  • A higher volume of security threats and incidents that could damage brand equity and profitability.
  • Constant firefighting to try to patch areas with insufficient security coverage.

A formalized IT security strategy process, using Info-Tech’s methodology, results in:

  • Generation of your organization’s comprehensive, highly actionable, and measurable security strategy and roadmap.
  • Robust security requirements gathering across the organization, with key stakeholders, customers, regulators, and other parties, ensuring the security strategy is built in alignment to and support of enterprise and IT strategies and plans.
  • Tested and proven rationalization and prioritization methodologies, ensuring the strategy you generate is not only the one the organization needs, but the one the organization will support.

Module 1: Assess Security Requirements

The Purpose

  • Determine the business, customer, compliance goals and obligations that the security strategy must support.
  • Define organizational security pressure and risk tolerance.

Key Benefits Achieved

  • Clear understanding of how to align the security strategy with the business.
  • Formalized and documented security pressure and risk tolerance information.

Activities: Outputs:
1.1 Discuss business and IT strategy and plans.
1.2 Determine organizational security pressure.
  • Information security pressure analysis
1.3 Define business, customer, and compliance goals and obligations. Define security program scope and boundaries.
  • Information security alignment and obligations statement
  • Information security scope and boundaries statement
1.4 Define information security risk tolerance.
  • Information Security Requirements Gathering Tool

Module 2: Perform a Gap Analysis

The Purpose

  • Identify current and target security capabilities, and what would be required to achieve the target state.

Key Benefits Achieved

  • Comprehensive list of all initiatives that could be undertaken to achieve security targets in every area.

Activities: Outputs:
2.1 Review penetration test results (optional).
2.2 Assess current and target security capabilities.
  • Current vs. target state gap analysis
2.3 Define gap initiatives to achieve target state.
  • Actionable initiatives to resolve security gaps

Module 3: Prioritize Initiatives and Create Roadmap

The Purpose

  • Prioritize the order of execution for security initiatives based on meaningful variables for the organization: cost / effort / security benefit / business alignment.

Key Benefits Achieved

  • Prioritized roadmap of security initiatives and persuasive rationale for stakeholders.

Activities: Outputs:
3.1 Define standard prioritization variables.
3.2 Estimate resources needed per initiative.
3.3 Build effort map and prioritize gap initiatives based on cost / effort / benefit / alignment.
  • Security strategy roadmap and action plan
3.4 Build roadmap for execution order for gap initiatives.

Module 4: Communicate and Implement

The Purpose

  • Assemble all information generated during the workshop into a concise and compelling communication deck and action plan.
  • Understand how to use Info-Tech’s methodology to continually manage security initiatives.
  • Produce final deliverables.

Key Benefits Achieved

  • All inputs from the workshop are pulled together into meaningful and usable deliverables.

Activities: Outputs:
4.1 Finalize deliverables.
  • Security strategy and roadmap deck/document
  • Detailed cost and effort estimates
  • Mapping of Info-Tech resources against individual initiatives
4.2 Support communication efforts.
4.3 Identify resources in support of high-priority initiatives.

Workshop icon Book Your Workshop

Onsite Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn’t enough, we offer low-cost onsite delivery of our Project Workshops. We take you through every phase of your project and ensure that you have a road map in place to complete your project successfully.

Book a Workshop View Blueprint
GET HELP Contact Us
VL Methodology