Build an Information Security Strategy

Tailor best practices to effectively manage information security.

Onsite Workshop

CISOs often struggle with:

  • Lack of understanding of how to align their security programs to business goals.
  • Uncertainty about how to prioritize security spending.

CISOs can:

  • Engage stakeholders and align with business goals.
  • Holistically evaluate their security program.
  • Rapidly develop a security roadmap.

Module 1: Assess Security Requirements

The Purpose

Understand business and IT strategy and plans.

Key Benefits Achieved

Defined security obligations, scope, and boundaries.

Activities:
1.1 Define business and compliance.
1.2 Establish security program scope.
1.3 Analyze the organization’s risk and stakeholder pressures.
1.4 Identify the organizational risk tolerance level.

Outputs:
  • Security obligations statement
  • Security scope and boundaries statement
  • Defined risk tolerance level
  • Risk assessment and pressure analysis

Module 2: Perform a Gap Analysis

The Purpose

Define the information security target state.

Key Benefits Achieved

Set goals and initiatives for the security strategy in line with the business objectives.

Activities:
2.1 Assess current security capabilities.
2.2 Identify security gaps.
2.3 Build initiatives to bridge the gaps.

Outputs:
  • Information security target state
  • Security current state assessment
  • Initiatives to address gaps

Module 3: Complete the Gap Analysis

The Purpose

Continue assessing current security capabilities.

Key Benefits Achieved

Identification of security gaps and initiatives to bridge them according to the business goals.

Activities:
3.1 Identify security gaps.
3.2 Build initiatives to bridge the maturity gaps.
3.3 Identify initiative list and task list.
3.4 Define criteria to be used to prioritize initiatives.

Outputs:
  • Completed security current state assessment
  • Task list to address gaps
  • Initiative list to address gaps
  • Prioritization criteria

Module 4: Develop the Roadmap

The Purpose

Create a plan for your security strategy going forward.

Key Benefits Achieved

Set a path forward to achieve the target state for the business through goal cascade and gap initiatives.

Activities:
4.1 Conduct cost/benefit analysis on initiatives.
4.2 Prioritize gap initiatives based on cost and alignment with business.
4.3 Build an effort list.
4.4 Determine start times and accountability.
4.5 Finalize security roadmap and action plan.
4.6 Create communication plan.

Outputs:
  • Information security roadmap
  • Draft communication deck

Module 5: Communicate and Implement

The Purpose

Finalize deliverables.

Key Benefits Achieved

Consolidate documentation into a finalized deliverable that can be presented to executives and decision makers to achieve buy-in for the project.

Activities:
5.1 Support communication efforts.
5.2 Identify resources in support of priority initiatives.

Outputs:
  • Security strategy roadmap documentation
  • Detailed cost and effort estimates
  • Mapping of Info-Tech resources against individual initiatives

Book Your Workshop

Onsite Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn’t enough, we offer low-cost onsite delivery of our Project Workshops. We take you through every phase of your project and ensure that you have a road map in place to complete your project successfully.
