Our systems detected an issue with your IP. If you think this is an error please submit your concerns via our contact form.

Security icon

Assess and Manage Security Risks

Accelerate your security threat and risk assessments with AI.

  • The exponential growth of digital landscapes multiplies vulnerable assets even as organizations struggle with a surge of cyberattacks.
  • Manual risk management methods often do not identify and assess risks quickly enough to offer complete and real-time insights to support strategic decision-making.
  • Empowering development teams to complete their own risk assessments is a common goal but often fails due to lack of security expertise.

Our Advice

Critical Insight

  • Develop a scalable, integrated process to assess and manage security risks
  • Leverage best-practice frameworks, drawing on emerging technologies to accelerate manual tasks
  • Enlist organizational participants to ensure reliable security risk data is available when you need it.

Impact and Result

  • Reduce security risk over time.
  • Improve security incident metrics, as well as their impact on the organization and the average incident response time.
  • Regular audits and assessments are more likely to show the security risk management program adheres to relevant security standards.

Assess and Manage Security Risks Research & Tools

1. Assess and Manage Security Risk – A step-by-step blueprint for identifying, analyzing, and managing information security risk.

Lay down the foundations for security risk management, including governance, assessment, and risk treatment.

2. Security Risk Toolset – A set of tools and templates to establish security risk governance, identity and assess threats, and manage risk.

A set of tools and templates to establish security risk governance, identity and assess threats, and manage risk.


Member Testimonials

After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve. See our top member experiences for this blueprint and what our clients have to say.

8.8/10


Overall Impact

$31,540


Average $ Saved

21


Average Days Saved

Client

Experience

Impact

$ Saved

Days Saved

Ground Transportation Systems Canada Inc

Guided Implementation

8/10

N/A

2

Soboba Band of Luiseno Indians

Guided Implementation

10/10

$12,330

4

EBSCO Industries Inc

Guided Implementation

10/10

$6,850

8

Jon was an amazing partner to work with. His knowledge and expertise were essential to our success in establishing a more rigid Risk Management Pr... Read More

Seneca Gaming Corporation

Workshop

8/10

$13,700

10

Primary benefits of the workshop to SGC: 1 - Opportunity to formally introduce concepts to senior management. It is often helpful when a third-p... Read More

AgHeritage Farm Credit Services d/b/a Insight Technology Unit (ITU)

Workshop

8/10

$32,195

10

I attended a workshop recently that was truly excellent. The leader, Fritz, had a deep understanding of our specific needs and was able to guide us... Read More

UCLA

Workshop

5/10

N/A

N/A

The Stride model and tool were not explained at the beginning of the sessions. I was not clear on the methodology or intended outcomes. The initi... Read More

Diamond Trading Company Botswana (PTY) LTD.

Workshop

10/10

$12,999

10

The best part was that the consultant was very knowledgeable in all aspect of information security and was very engaging and encouraging participat... Read More

UCLA

Workshop

9/10

N/A

32

The best part was our facilitator. She was great. There was no "worst part". The workshop exceeded my expectations.

UCLA

Workshop

10/10

$64,999

20

Coordinating discussion among different teams and helping us identify gaps

Camosun College

Guided Implementation

10/10

$25,000

20

No worst part, these tools take time to work through. The benefits of a structured threat and risk assessment using the STRIDE model is fantastic! ... Read More

California Department of Human Resources

Guided Implementation

10/10

$113K

115

The best part of the experience was the invaluable assistance and advice provided by the analyst, Ian both in terms of research assistance, and in ... Read More

American Transmission Company

Guided Implementation

8/10

$2,393

5

Tools and templates are great.

STERIS Corporation

Guided Implementation

10/10

$12,599

29

Ian is a joy to work with. He really takes the time to tailor the work around progressing programs with actionable items each meeting to improve th... Read More

State of Hawaii – ETS

Guided Implementation

10/10

$64,999

50

Good: - helped realign priorities - will revisit once we've establish a more solid baseline on security program

London Health Sciences Centre and St. Joseph’s Health Care, London

Guided Implementation

9/10

$10,000

5

Overall understanding of problem and some suggestions for a brainstormed solution.

Southwest Gas Corporation

Guided Implementation

10/10

$125K

20

Ian if very knowledgeable about your product as well as risk. He listens well and provides great feedback. We see Ian as a great resource and con... Read More

Atlantic Canada Opportunities Agencies

Guided Implementation

8/10

$47,500

10

Very good feedback. Open discussions. Varied ideas. Strong focus on IT less pertinent to my role, but nonetheless useful. Services are very appr... Read More

Canadian National Railway

Guided Implementation

10/10

$2,000

5

Blessing Hospital

Guided Implementation

8/10

N/A

N/A

Good discussion and follow-up call with additional analyst and different blueprint that may be more targeted towards Dr. Siddiqui's interest.

Blessing Hospital

Guided Implementation

10/10

N/A

N/A

Can't estimate the savings at this point however call exceeded expectations in research material being able to solve the business problem at hand.

California Department of Corrections & Rehabilitation

Guided Implementation

9/10

N/A

N/A

Federal Home Loan Bank of Chicago

Guided Implementation

10/10

N/A

N/A

I loved talking with Ian about risk philosophy! He helped me put together a risk tolerance and risk register for my organization that was focused ... Read More

Nakisa Inc.

Workshop

8/10

N/A

20

All was good.

The Ottawa Hospital

Guided Implementation

10/10

$11,500

10

British Columbia Transit

Workshop

8/10

$50,000

20

California Department of Corrections & Rehabilitation

Guided Implementation

9/10

N/A

N/A

Great insight on how to work through the program steps. Lots of knowledge and advice on what's important and whether a methodical or practical app... Read More

Apria Healthcare

Guided Implementation

8/10

N/A

N/A

Colonial Savings, F.A.

Guided Implementation

10/10

$764K

10

Ian did a great job of understanding what I was trying to accomplish and modifying the process for my needs.

BWX TECHNOLOGIES, INC.

Guided Implementation

9/10

N/A

N/A


Workshop: Assess and Manage Security Risks

Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

Module 1: Build Program Governance

The Purpose

  • Design an effective governance structure for managing security risk.

Key Benefits Achieved

  • Security risk management governance structure

Activities

Outputs

1.1

Assess security risk management (SRM) program maturity.

  • Program goals and scope
1.2

Define SRM governance.

  • Roles and responsibilities
1.3

Build a security risk assessment framework.

  • Risk assessment framework
  • Risk tolerance

Module 2: Identify Information Security Risks

The Purpose

  • Develop a process for identifying information security risks.

Key Benefits Achieved

  • Defensible and realistic process to identify security risks.

Activities

Outputs

2.1

Build a repeatable security threat and risk assessment (TRA) process.

  • Repeatable TRA process
2.2

Prepare the sample TRA.

  • Sample TRA to trial the process
2.3

Evaluate relevant assets.

Module 3: Analyze Information Security

The Purpose

  • Establish a repeatable methodology for analyzing information security risks.

Key Benefits Achieved

  • Leverage artificial intelligence to enhance the analysis of information security risks.

Activities

Outputs

3.1

Assess likelihood and impact.

  • Process to assess and prioritize security risks
3.2

Prioritize security risks.

  • List of prioritized security risks
3.3

Identify risk treatment options.

Module 4: Treat Information Security Risks

The Purpose

  • Define security risk treatment process.

Key Benefits Achieved

  • Integrated security risks within IT and enterprise risk management.

Activities

Outputs

4.1

Identify quick wins to reduce exposure.

  • Risk register with a risk inventory of security risks.
4.2

Build risk management action plans.

  • Defined and prioritized risk management action plans
4.3

Build risk monitoring and communication plan.


Assess and Manage Security Risks

Accelerate your security threat and risk assessments with AI.

Analyst perspective

Enable innovation.

A mature security risk management practice is a critical component of a comprehensive and risk-aware information security program. What is often missed is that a successful security risk management also enables innovation. It not only reduces the residual risk associated with technology use to an acceptable level for the organization but also empowers it to make informed decisions about taking the right risks.

A key challenge with traditional approaches to security risk management is that threat and risk assessments are often too unwieldy to offer complete and real-time insights for decision-making. The key function of security risk management is timely triage, distinguishing between risks that require immediate action and those that can be addressed later. If processes can't do that, then they will fail.

Streamline risk identification and assessment processes to focus on how the organization treats security risks and incorporate them in a comprehensive enterprise risk management program. Next, collaborate with participants to identify, assess, and monitor risks to ensure reliable risk data is available to support proactive decision-making when needed. You don't need to go it alone.

 Michel Hébert, Principal Research Director, Security and Privacy

Michel Hébert
Principal Research Director, Security and Privacy
Info-Tech Research Group

Executive summary

Your Challenge Common Obstacles Info-Tech's Approach

A mature security risk management practice is a critical component of a comprehensive and risk-aware information security program.

Yet security leaders struggle to:

  • Develop a reliable process for assessing and managing security risks.
  • Provide timely and current risk assessments to support decision-making.
  • Integrate security risks into the enterprise risk management program to enhance their visibility.
  • The exponential growth of digital landscapes multiplies vulnerable assets even as organizations struggle with a surge of cyberattacks.
  • Manual risk management methods often do not identify and assess risks quickly enough to offer complete and real-time insights to support strategic decision-making.
  • Empowering development teams to complete their own risk assessments is a common goal but often fails due to lack of security expertise.

Implement a dynamic approach to assess and manage security risks effectively:

  • Align security risk management processes with your enterprise risk management program.
  • Lean on best-practice frameworks to streamline risk assessment and management processes.
  • Use emerging technologies to automate and accelerate manual tasks.
  • Enlist organizational participants to ensure reliable risk data is available to support decision-making.

Info-Tech Insight

Develop a scalable, integrated process to assess and manage security risks, one that leverages best-practice frameworks, draws on emerging technologies to accelerate manual tasks, and enlists organizational participants to ensure reliable security risk data is available when you need it.

Your challenge

Security leaders struggle to develop a reliable process to manage security risks.

Security experts often find it challenging to fit standard frameworks for assessing security risks into their company's specific practices.

There are three specific gaps:

  • Lack of structure. There isn't a clear agreement on the basic terms used to talk about security risk and how to evaluate it. Many in the field tend to rely on their gut feelings and what they've learned through past experiences instead of following standardized approaches.
  • Lack of timely data. Different groups in the same organization often use different, potentially conflicting information to describe the same aspect of a security risk. To compound the problem of conflicting reporting, underlying data is often too dated to be of use in managing quickly evolving cyberthreats.
  • Lack of clarity. Security leaders often lack the expertise to translate security information into the business language of risk management and communicate their needs to upper management.

Common obstacles

The exponential growth of digital landscapes multiplies vulnerable assets

  • The rapid expansion of digital technology globally is creating new areas for conflict and enabling various groups, including governments and other organizations, to launch cyberattacks across national borders.
  • Technology has become a cornerstone for managing public services and business operations. Governments, communities, and businesses alike rely on technology to complete daily tasks. As we integrate various platforms, tools, and interfaces and the internet moves toward a more decentralized model, this complexity introduces a wider array of security vulnerabilities and increases the potential for critical failures.
  • Security experts must contend with this growing attack surface and devise more efficient ways to identify, assess, and manage the security risks that threaten them. Manual risk management methods often do not identify and assess risks quickly enough to offer complete and real-time insights to support strategic decision-making.

Common obstacles

Meanwhile, organizations are facing a record high volume of cyberattacks

US $4.45M
Average cost of a data breach in 2023, a 15% increase over three years and the highest average on record (IBM, 2023)

US $1.54M
Average ransomware payout in 2023, up 89% from 2022 (Sophos, 2024)

8.2B records
Number of records exposed in data breaches in 2023 (IT Governance, 2024)

Yet recent research revealed that less than one in ten (8%) of organizations complete cyber risk assessments monthly, and less than half (40%) conduct them annually (ISACA, 2024).

Info-Tech's approach

Integrate risk management for a more strategic approach to information security

Integrate risk management
A recent study indicates that approximately 30% of organizations aren't just talking about risk but are assessing it, even without a formal risk management framework, while nearly half take an even more serious approach and supplement it with a formal framework. The trend highlights the growing awareness among organizations of the importance of assessing and managing security risks.

The evolving role of CISO
Meanwhile, KPMG's Cybersecurity Considerations for 2024 underscores the evolving role of the chief information security officer (CISO). They are now seen more as proactive partners in managing ongoing business needs rather than being solely responsible for rescuing the organization during times of crisis. This shift implies a more integrated approach to cybersecurity across various organizational functions (KPMG, 2024).

Integrate Risk and Use It to Your Advantage

Info-Tech's approach to security risk management (SRM)

1. Define the Scope
Identify assets that need protection and the environment in which they operate.

2. Assess Valuation
Determine the value, operational importance, and sensitivity of each asset and its role in compliance with regulations.

3. Identify Threats
Identify potential threats to each asset (e.g. cyber, physical, or internal threats).

4. Assess Vulnerabilities
Analyze the vulnerabilities that could be exploited by the identified threats.

5. Analyze and Evaluate Risks
Assess the likelihood and potential impact of each threat exploiting a vulnerability.

6. Prioritize Security Risks
Prioritize security risks. Allocate resources to the most significant risks first.

7. Treat Risks
Implement preventive, detective, or responsive security controls.

8. Monitor and Review
Monitor control effectiveness. Update new threats and vulnerabilities and adjust threat and risk assessment (TRA).

Info-Tech Insight

Develop a scalable, integrated process to assess and manage security risks, one that leverages best practice frameworks, draws on emerging technologies to accelerate manual tasks, and enlists organizational participants to ensure reliable security risk data is available when you need it.

Before you proceed

Consider the scope of your risk management project

  • This project blueprint will help you:
    • Build a basic governance structure for security risk management and align it to enterprise risk management.
    • Build a repeatable process to identify, assess, and treat security risks, including a threat and risk assessment process.
    • Practice the security risk management process you build on a few key systems or projects.
  • If you need to build a broader IT risk management program or integrate security, IT, and enterprise risk management in a single program, try these resources instead:

Info-Tech's methodology to assess and manage security risks

1. Build Program Governance 2. Identify Information Security Risks 3. Analyze Information Security Risks 4. Treat Information Security Risks
Phase Steps

1.1 Assess SRM program maturity.

1.2 Define program governance.

1.3 Build a risk assessment framework.

2.1 Create a repeatable TRA process.

2.2 Prepare the sample TRA.

2.3 Evaluate relevant assets.

3.1 Assess likelihood and impact.

3.2 Prioritize security risks.

3.3 Identify risk treatment options.

4.1 Build risk management action plans.

4.2 Build risk monitoring plans.

Phase Outcomes Establish the governance structure of the SRM program and align it with the enterprise risk management (ERM) program. Build a flexible and adaptive approach to TRAs to identify information security risks. Build a repeatable process for analyzing security risks based on likelihood and impact and prioritize security risks for remediation. Identify risk response options, identify quick wins for risk mitigation, and build risk management action plans for more complex risks.

Insight summary

Accelerate security risk identification and mitigation

Develop a scalable, integrated process to assess and manage security risks. This process should leverage best-practice frameworks, draw on emerging technologies to accelerate manual tasks, and enlist organizational participants to ensure reliable security risk data is available when needed.

Integrate the SRM practice

Move away from an approach to security risk management that encourages compartmentalized processes toward a more integrated approach.

Without a common governance framework, effective risk assessment and aggregation at the enterprise level is impossible.

Be proactive

Risk discovery is sometimes methodical or spontaneous. Risk practitioners must identify risks actively rather than constantly reacting to them passively.

Develop a flexible approach to threat modeling and risk assessments to keep pace with cyberattacks' speed, scale, and complexity.

Engage the business

IT security may be the front line of defense against security risks, but risk mitigation often involves costs that exceed the CISO's budget.

Build strong relationships with business owners and involve them in assessing and managing security risks. The business is ultimately responsible for budgeting and risk management decisions.

Share security responsibility

Security risks are business risks since every security issue can affect the business.

Develop a security risk management program that shares responsibility for risk treatment and monitoring with the business.

Encourage accountability

Integrated risk governance is complex. To ensure the success of your SRM practice, build two simple elements into your program: Assign clear responsibilities and accountabilities and establish guidelines for risk reporting and communication.

Build a repeatable process

Threat and risk assessments are critical components of a proactive security risk management program. Build a repeatable process for conducting objective assessments of existing risks and comparing them to the organization's risk tolerance.

Blueprint deliverables

Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

SRM Maturity Assessment Tool
A maturity assessment for the security risk management program.

TRA Process Template
A template for the security threat and risk assessment process.

Program Governance Tools
The Security Risk Management Program RACI Tool and Security Risk Tolerance Assessment Tool

Security Risk Management Tools
A Threat and Risk Assessment Tool and an Integrated Risk Register

Key Deliverables

The tools and templates that focus on threat and risk assessment are the most important deliverables in this project.

Use them to build a repeatable threat and risk assessment process and integrate it with IT and enterprise risk management.

Keep your organization safe

Measure the benefits of a robust security risk management program

  • Baseline the performance of your organization against key metrics before proceeding with the security risk management improvement project.
  • Organizations with a successful security risk management program:
    • Experience security risk reduction. The number and severity of identified risks decrease over time. This includes tracking resolved vulnerabilities and mitigated threats. Expect an initial increase in the number of risks identified.
    • Improve security incident metrics. The number of security incidents decreases over time, along with their impact on the organization and the average incident response time.
    • Are more likely to be compliant. Regular audits and assessments are more likely to show the security risk management program adheres to relevant security standards.

Measure the value of the SRM project

Info-Tech's approach will accelerate your success. Estimates reflect advisory and workshop experiences.

Without Blueprint With Blueprint
Phase 1: Align the SRM program 1 to 5 people 1 day 1-2 weeks
Phase 2: Identify security risks 1 to 5 people 1 day 4-6 weeks
Phase 3: Analyze security risks 1 to 5 people 1 day 4-6 weeks
Phase 4: Treat security risks 1 to 5 people 1day 1-2 weeks

Time Saved: 10-14 weeks

Benefits are iterative
The value of the project comes from the initial program design, but you will experience benefits over time as well as you iterate the approach and evaluate additional risks more effectively.

Success story

Security Risk Management Workshop

MEMBER
Anonymous

INDUSTRY
Higher Education

SOURCE
Info-Tech Workshop, 2022

A large American university was planning the implementation of a security risk management program across its many campuses to augment an existing enterprise risk management program.

The challenge was to devise a standard security risk management methodology to inform the identification, assessment, and management of security risk campus-wide. The strategic goals of the project were to:

  • Promote consistent risk tolerance and risk assessment across campuses.
  • Support sound security risk assessment and treatment.
  • Support the prioritization and resourcing of security initiatives.

Info-Tech used its security risk management methodology to devise repeatable processes to:

  • Conduct threat and risk assessment.
  • Conduct objective, proactive assessments of security risks.
  • Build concise risk management action plans.
  • Identify escalation paths with clear thresholds.

Results

The four-day engagement:

Built a flexible and adaptive approach to threat and risk assessments to identify information security risks proactively.

Built a process to analyze security risks, identify criteria for deeper assessments, and prioritize security risks for remediation.

Built a process to identify risk response options and construct risk management action plans for more complex risks.

Info-Tech offers various levels of support to best suit your needs

DIY Toolkit Guided Implementation Workshop Executive & Technical Counseling Consulting
"Our team has already made this critical project a priority. We have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process. We need assistance to decide where we should focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place. "Our team and processes are maturing; however, to expedite the journey we'll need a seasoned practitioner to coach and validate approaches, deliverables, and opportunities." "Our team does not have the time or the knowledge to take on this project. We need implementation assistance through the entirety of this project."
Diagnostics and consistent frameworks are used across all five levels of support.

Guided Implementation

What does a typical GI on this topic look like?

Build program governance Identify information security risks Assess information security risks Treat information security risks

Call #1: Scope requirements and assess SRM program maturity.

Call #2: Review SRM governance

Call #3: Discuss the scope, timings, and structure of TRAs.

Call #4: Review draft of TRA process.

Call #5: Define criteria to assess risk exposure.

Call #6: Discuss risk treatment options and risk management action plan. Identify strategy risks.

A Guided Implementation is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

A typical Guided Implementation takes place in 4 to 6 calls over the course of 4 to 6 months.

Workshop Overview

Pre-work (CxO) Day 1 Day 2 Day 3 Day 4 Post-work
Build Program Governance Identify Information Security Risks Analyze Information Security Risks Treat Information Security Risks Next Steps
Activities
  1. Create security risk working group.
  2. Socialize statement of work.
  3. Workshop logistics.
  4. Estimate scope of workshop threat and risk assessments (TRAs).
  5. Select initial threat and risk assessment model.
  1. Assess SRM program maturity.
  2. Define SRM governance.
  3. Build a security risk assessment framework.
  1. Build a repeatable security threat and risk assessment (TRA) process.
  2. Prepare the sample TRA.
  3. Evaluate relevant assets.
  1. Assess likelihood and impact.
  2. Prioritize security risks.
  3. Identify risk treatment options.
  1. Identify quick wins to reduce exposure.
  2. Build risk management action plans.
  3. Build risk monitoring and communication plan.

Finalize Deliverables (Info-Tech):

  1. SRM program summary
  2. Risk register
  3. Security risk identification and assessment tool

Post-Workshop (CXO):

  1. Iterate threat and risk assessment for additional risk scenarios.
  2. Review documents with Info-Tech analysts.
  3. Access additional analyst services for IT risk management or security strategy initiatives.
Outcomes
  • Security and risk working group members
  • Initial threat model selection
  • Security risk management governance
    • Program goals and scope
    • Roles and responsibilities
    • Risk assessment framework
    • Risk tolerance
  • Repeatable TRA process
  • Sample TRA to trial the process
    • Identify assets
    • Identify threats
    • Assess vulnerabilities
  • Process to assess and prioritize security risks
  • List of prioritized security risks
  • Risk register with a risk inventory of security risks
  • Defined and prioritized risk management action plans

Contact your account representative for more information.
workshops@infotech.com 1-888-670-8889

Recommended workshop participants

Day 1 Day 2 Day 3 Day 4
Senior Management
(CIO, CRO, CISO)
Key Business Units
IT Security
IT Infrastructure and Operations
Risk Management
(legal, risk, HR, audit)
Data Analysts
(legal, risk, HR, audit)

Phase 1

Build Program Governance

Phase 1

1.1 Assess program maturity
1.2 Define program governance
1.3 Build a risk assessment framework

Phase 2

2.1 Create a repeatable TRA process
2.2 Prepare the sample TRA
2.3 Evaluate assets

Phase 3

3.1 Assess likelihood and impact
3.2 Prioritize security risks
3.3 Identify risk treatment options

Phase 4

4.1 Build management action plans
4.2 Build communication and monitoring plans

This phase will walk you through the following activities:

1.1 Assess program maturity
1.2 Define program governance
1.3 Build risk assessment framework

Outcome:

  • Security risk management governance structure

This phase involves the following participants:

  • Chief information officer
  • Chief risk officer
  • Chief security officer
  • Representatives from key business units
  • Security team
  • Security risk management team
  • Audit and Compliance (optional)

Integrate risk management

Siloed risks are risky business

Many organizations struggle to create a unified security, IT, and enterprise risk management approach. Security teams often operate independently, addressing risks primarily during compliance checks or project planning. This leaves organizational leaders out of the loop, with many unsure of their role in managing these threats.

Without a shared governance framework, it's impossible to assess and consolidate risks across the entire organization effectively. This phase aims to shift away from isolated, fragmented approaches to security risk management and move toward a unified, integrated strategy.

The following exercises will help you assess the maturity of your security risk management program, define its governance, and assess the organization's security risk tolerance. Every organization has a limit to the risk it's willing to take, even if that limit isn't formally defined.

Assess and Manage Security Risks preview picture

About Info-Tech

Info-Tech Research Group is the world’s fastest-growing information technology research and advisory company, proudly serving over 30,000 IT professionals.

We produce unbiased and highly relevant research to help CIOs and IT leaders make strategic, timely, and well-informed decisions. We partner closely with IT teams to provide everything they need, from actionable tools to analyst guidance, ensuring they deliver measurable results for their organizations.

MEMBER RATING

8.8/10
Overall Impact

$31,540
Average $ Saved

21
Average Days Saved

After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.

Read what our members are saying

What Is a Blueprint?

A blueprint is designed to be a roadmap, containing a methodology and the tools and templates you need to solve your IT problems.

Each blueprint can be accompanied by a Guided Implementation that provides you access to our world-class analysts to help you get through the project.

Need Extra Help?
Speak With An Analyst

Get the help you need in this 4-phase advisory process. You'll receive 6 touchpoints with our researchers, all included in your membership.

Guided Implementation 1: Build program governance
  • Call 1: Scope requirements and assess SRM program maturity.
  • Call 2: Review SRM governance.

Guided Implementation 2: Identify information security risks
  • Call 1: Discuss the scope, timings, and structure of TRAs.
  • Call 2: Review draft of TRA process.

Guided Implementation 3: Assess information security risks
  • Call 1: Define criteria to assess risk exposure.

Guided Implementation 4: Treat information security risks
  • Call 1: Discuss risk treatment options and risk management action plan. Identify strategy risks.

Authors

Michel Hebert

Kate Wood

Contributors

  • Eric Hargrave, VP IT Security, Kleinfelder
  • Evan Garland, Security Manager, Camosun College
  • Frederic Maurette, Senior Project Manager, Converged Security Solutions
  • Rob Desiata, Security Risk Manager, Kleinfelder
  • Priscilla Tsang, Chief Cybersecurity Governance and PGR Management, MTA
  • Ali Syed, Senior Cybersecurity Executive, Compugen
  • Justin Clevett, Senior Technology Risk Professional, Regional Municipality of Durham
  • Shanabi Rajabu, Senior Manager, Network Operations, NMB Reserve Bank
  • Sajid Saiyed, CISO, Cybersecurity Umbrella
  • Jose Jaramillo, Deputy CISO, California Employment Development Department
  • Harieth Mgelwa, Security Engineer, NMB Reserve Bank
  • Chris Kashuba, Cyber Security Risk Manager, California Employment Development Department
Visit our Exponential IT Research Center
Over 100 analysts waiting to take your call right now: 1-519-432-3550 x2019