Build an Information Security Strategy

Tailor best practices to effectively manage information security.

Onsite Workshop

The lack of a good security strategy and roadmap results in:

  • Overengineering or underengineering in security efforts.
  • The inability to articulate how security supports the business, resulting in the lack of management buy-in.
  • A higher volume of security threats and incidents that could damage brand equity and profitability.
  • Constant firefighting to try to patch areas with insufficient security coverage.

A formalized IT security strategy process, using Info-Tech’s methodology, results in:

  • Generation of your organization’s comprehensive, highly actionable, and measurable security strategy and roadmap.
  • Robust security requirements gathering across the organization, with key stakeholders, customers, regulators, and other parties, ensuring the security strategy is built in alignment with, and in support of, enterprise and IT strategies and plans.
  • Tested and proven rationalization and prioritization methodologies, ensuring the strategy you generate is not only the one the organization needs, but the one the organization will support.

Module 1: Assess Security Requirements

The Purpose

  • Introduce security management.
  • Analyze the business and IT strategy and plans.
  • Define the organization's risk tolerance levels.
  • Assess the security risk profile.

Key Benefits Achieved

  • Security obligations statement
  • Security scope and boundaries statement
  • Defined risk tolerance level
  • Security pressure posture

Activities: Outputs:
1.1 Introduce security management.
1.2 Understand business and IT strategy and plans.
1.3 Define the security obligations, scope, and boundaries.
  • Security obligations statement
  • Security scope and boundaries statement
1.4 Define risk tolerance levels.
  • Defined risk tolerance level
1.5 Assess the security pressure posture.
  • Defined security pressure posture

Module 2: Perform a Gap Analysis

The Purpose

  • Define the current security capabilities and maturity.
  • Develop a security target state based on the organization’s security risk profile, and conduct a gap analysis. 

Key Benefits Achieved

  • Visualization of the organization’s current security capabilities and maturity level
  • Foundation built to determine your security target state by understanding the organization’s security needs and scope

Activities: Outputs:
2.1 Assess current security capabilities and performance.
  • Current security maturity levels
2.2 Review pen test results.
2.3 Define security target state.
  • Security target state

Module 3: Develop Gap Initiatives

The Purpose

  • Develop gap initiatives to reach your security target state.
  • Assess the organization’s readiness to implement the gap initiatives and scale the initiatives to develop a feasible implementation plan.

Key Benefits Achieved

  • Identified gap initiatives to augment the security program
  • Understanding of the resources needed to implement all the initiatives

Activities: Outputs:
3.1 Identify security gaps.
  • Future state – current state gap analysis
3.2 Build initiatives to bridge the gap.
  • Initiatives to address the gap
3.3 Estimate the resources needed.
  • Estimate of required effort
3.4 Prioritize gap initiatives.
  • Budget and resource readiness analysis
3.5 Determine start time and accountability.

Module 4: Plan for the Transition

The Purpose

  • Finalize the roadmap and action plan for the information security plan.
  • Create a security charter, organizational structure, change and communication plan, and/or security services catalog.
  • Develop a metrics program to measure your progress.

Key Benefits Achieved

  • Finalized information security roadmap and action plan for the organization
  • Key deliverables to kick-start the security program
  • Measurement program to monitor and improve upon the existing program

Activities: Outputs:
4.1 Finalize security roadmap and action plan.
  • Security roadmap and action plan
4.2 Build a security charter.
  • Security charter
4.3 Build the security program organizational structure.
  • Security organizational structure
4.4 Create a change and communication plan.
  • Change and communication plan
4.5 Develop a metrics program.
  • Metrics program
4.6 Develop a security services catalog.
  • Security services catalog

Book Your Workshop

Onsite Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn’t enough, we offer low-cost onsite delivery of our Project Workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
