Build an Information Security Strategy
Align the information security strategy to organizational goals and risks to create value.
Book This WorkshopAvoid:
- Building a misaligned security program.
- Investing too little or too much in the security program.
- Missing key people, process or technology controls your organization needs to stay safe.
Build a comprehensive security program that:
- Aligns to organizational goals.
- Focuses on mitigating organizational risks.
Book Your Workshop
Onsite Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn’t enough, we offer low-cost onsite delivery of our Project Workshops. We take you through every phase of your project and ensure that you have a road map in place to complete your project successfully.
Book NowModule 1: Assess business requirements
The Purpose
- Assess business requirements.
Key Benefits Achieved
- Identify security program alignment criteria.
Activities: | Outputs: | |
---|---|---|
1.1 | Understand business and IT strategy and plans. |
|
1.2 | Define business and compliance requirements. |
|
1.3 | Establish the security program scope. |
|
1.4 | Analyze the organization’s risks and stakeholder pressures. |
|
1.5 | Assess organizational risk appetite. |
|
Module 2: Perform a gap analysis
The Purpose
- Perform a gap analysis.
Key Benefits Achieved
- Define the program's target state.
- Assess the organization's current state.
Activities: | Outputs: | |
---|---|---|
2.1 | Define the information security target state. |
|
2.2 | Assess current security capabilities. |
|
2.3 | Identify security gaps. |
|
2.4 | Build initiatives to bridge the gaps. |
|
Module 3: Complete the gap analysis
The Purpose
- Complete the gap analysis.
Key Benefits Achieved
- Security program improvement tasks and initiatives
Activities: | Outputs: | |
---|---|---|
3.1 | Continue assessing current security capabilities. |
|
3.2 | Identify security gaps. |
|
3.3 | Build initiatives to bridge the maturity gaps. |
|
3.4 | Identify initiative list and task list. |
|
3.5 | Define criteria to be used to prioritize initiatives. |
|
Module 4: Develop roadmap
The Purpose
- Develop the roadmap.
Key Benefits Achieved
- Security program roadmap
- Communication resources
Activities: | Outputs: | |
---|---|---|
4.1 | Conduct cost-benefit analysis on initiatives. |
|
4.2 | Prioritize gap initiatives based on cost, time, and alignment with the business. |
|
4.3 | Build effort map. |
|
4.4 | Determine start times and accountability. |
|
4.5 | Finalize security roadmap and action plan. |
|
4.6 | Create communication plan. |
|