Latest Research

CIO & STRATEGY Dec 08, 2023

Optimize IT Governance for Dynamic Decision-Making

Optimize governance to align with how your organization functions.

CIO & STRATEGY Dec 07, 2023

Info-Tech​ Quarterly Research Agenda Outcomes​ Q4 2023

Top research selected from Q4 2023

SECURITY Dec 07, 2023

Build a Plan to Close Your Cybersecurity Competency Gaps

Develop business-aligned security competencies for your IT team.

DATA & BI Dec 04, 2023

Prepare for AI Change – Training for Business Leaders

Develop your initial Gen AI roadmap.

CIO & STRATEGY Dec 04, 2023

Exponential IT Keynote

Lean into the curve.

APPLICATIONS Dec 04, 2023

Evolve Your Software Development Lifecycle Into a Solution Delivery Lifecycle

It’s "solution delivery," not "software development."

INF & OPS Nov 30, 2023

Align Backups With Your Data Protection Requirements

Making a copy of your data does not always result in data protection.

CIO & STRATEGY Nov 29, 2023

Develop Your IT Leadership Team’s Financial Literacy

Start thinking and talking like a business leader.

INF & OPS Nov 29, 2023

Implement Hardware Asset Management

Build a process to track assets across their entire lifecycle.

INF & OPS Nov 22, 2023

Build a Service Desk Consolidation Strategy

A consolidated service desk not only drives more efficient service but is the foundation for optimization and innovation.

See all new content

Optimize Security Mitigation Effectiveness Using STRIDE

Understand how well your security countermeasures are working for you.

Book This Workshop

Making security decisions without the right information can result in:

  • Unmitigated vulnerabilities allowed to persist.
  • Potentially damaging security incidents.
  • Wasted financial and human resources.

Understanding the threat landscape and mitigation effectiveness leads to:

  • Informed business and security decisions.
  • A defensible and quantified security roadmap.
  • A proactive and right-sized security program.

Book Your Workshop

Onsite Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn’t enough, we offer low-cost onsite delivery of our Project Workshops. We take you through every phase of your project and ensure that you have a road map in place to complete your project successfully.

Book Now

Module 1: Setup: Risk Tolerance, and Data and Element Inventory

The Purpose

  • Discuss the organizational risk tolerance / risk management strategy.
  • Establish a foundational frame for data and element categorization.

Key Benefits Achieved

  • A map is created of the valuable data and which assets it flows through

Activities: Outputs:
1.1 Validate pre-work (data classification, IT systems element inventory, rough data mapping).
  • Data classification scheme
  • Categorized systems elements
  • Rough map of data flows (resting and transmission)
1.2 Review Info-Tech’s quantified risk model and STRIDE threat model.
1.3 Begin threat modeling activity.

Module 2: Threat Severity Assessment

The Purpose

  • Perform a detailed analysis of the organizational threat and risk exposure.

Key Benefits Achieved

  • Understand Info-Tech’s quantified threat severity model
  • A map of the systems threat landscape

Activities: Outputs:
2.1 Complete threat modeling activity
  • Mitigation Effectiveness Tool, Threat Severity tab

Module 3: Control Maturity Assessment

The Purpose

  • Catalog all the existing security capabilities and map them to the threats that they mitigate.

Key Benefits Achieved

  • Security control capabilities and maturity mapped to the system threats

Activities: Outputs:
3.1 Review the STRIDE security traits and threat – countermeasure relationships.
3.2 Perform a security control and maturity assessment.
  • Mitigation Effectiveness Tool, Control Maturity tab
3.3 Identify gap initiatives to address unacceptable risks.
  • Gap initiative list

Module 4: Gap Initiative Identification and Prioritization

The Purpose

  • Identify security gaps based on threat-control assessments.
  • Create a prioritized roadmap and plan to implement gap initiatives.

Key Benefits Achieved

  • Clearly identified and documented security gaps
  • Prioritized list of initiatives required to address security gaps to the organizational needs

Activities: Outputs:
4.1 Prioritize gap initiatives.
  • Prioritized gap initiative list
4.2 Make a plan to incorporate the gap initiatives into a security roadmap, and discuss how to integrate risk model into overall risk management decisions.
  • Workshop results incorporated into risk management and security strategy

Book this workshop now to accelerate your IT projects

Book Now
Visit our IT Cost Optimization Center
Over 100 analysts waiting to take your call right now: 1-519-432-3550 x2019
© Info-Tech Research Group | Terms of Use | Privacy Policy