Build an Information Security Strategy

Align the information security strategy to organizational goals and risks to create value.

  • The rate of technological change is accelerating. Organizations continue to invest in technology to run the business, layering more systems to support remote work, enhance customer experience, and generate value.
  • Meanwhile, security threats are growing. Disruptive cyberattacks are more prevalent, sophisticated, and impactful than ever, targeting organizations of all industries and sizes.
  • Security leaders need to adopt a proactive approach to secure the organization now and prioritize funding to high-risk areas.

Our Advice

Critical Insight

  • Technological change is increasing both the protect surface and the variety of tools available to secure it.
  • Security frameworks are helpful, but they don’t describe how to gather business requirements, identify organizational risks, or set an appropriate target state for the program, or which controls to select to conduct an accurate gap analysis for the security program.
  • The better security leaders can balance a budget that funds cyber resiliency and drives revenue, the more likely they are to progress in their career.

Impact and Result

Build a business-aligned, risk-aware, holistic security strategy:

  • Gather business requirements to prioritize improvements.
  • Assess risks, stakeholder expectations, and risk appetite to set meaningful targets.
  • Do a comprehensive gap analysis to identify improvements.
  • Build a flexible roadmap to set the program on the right footing.

Build an Information Security Strategy Research & Tools

1. Build an Information Security Strategy Storyboard – A step-by-step document that helps you build a holistic, risk-based, and business-aligned information security strategy.

Your security strategy should not follow frameworks blindly. Instead, it should align with your business context and build on a solid risk assessment and a comprehensive gap analysis. Use this storyboard to build or update a business-aligned, risk-aware, and holistic security strategy that prioritizes program initiatives for the next three years.

2. Information Security Requirements Gathering Tool – A tool to gather business requirements you can use to prioritize security initiatives.

Use this tool to identify the organizational goals and compliance obligations that shape your security strategy and define its scope. Your work will inform the prioritization of security initiatives following the gap analysis.

3. Information Security Program Gap Analysis Tool – A tool to identify improvement initiatives that address your most significant control gaps.

Use this tool to conduct a comprehensive assessment of the current state of your program and identify improvement initiatives that address your most significant control gaps. Your work will draw on the business requirements and security pressures you identified in previous steps to build a three-year roadmap for your security program.

4. Information Security Program Gap Analysis Tool – A structured tool to systematically understand your current security state.

Effective security planning should not be one size fits all – it must consider business alignment, security benefit, and resource cost. To enable an effective security program, all areas of security need to be evaluated closely to determine where the organization sits currently and where it needs to go in the future.

5. Information Security Strategy Communication Deck – A presentation template you can tailor to different audiences to communicate your security strategy.

Use this deck to present the results of the security strategy to stakeholders and show how the security program will improve over time. The communication deck draws on the outputs of the business requirement, security pressure, and gap analysis tools to build a presentation template you can customize for different audiences.

6. Information Security Charter – A charter template you can adapt to document the scope and purpose of your security program.

Use this template to define the scope and purpose of your security program. The charter will set clear objectives for the security steering committee and identify responsibilities for security governance initiatives.

On Demand Webinar: Create a Business Aligned Security Strategy

Member Testimonials

After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve. See our top member experiences for this blueprint and what our clients have to say.

Overall Impact: 9.6/10
Average $ Saved: $47,300
Average Days Saved: 36

| Client | Experience | Impact | $ Saved | Days Saved | Comment |
|---|---|---|---|---|---|
| Colorado Early Colleges | Guided Implementation | 8/10 | $13,700 | 2 | Mike laid out the scope and needs very clearly. The worst part was realizing how much work remains to be done to reach the maturity level I want to... |
| The Corporation of the City of Kingston | Workshop | 8/10 | $25,000 | 20 | Dave K is an excellent facilitator, providing meaningful direction and guidance to our team, keeping the sessions moving and on time. |
| City of Allen, TX | Guided Implementation | 10/10 | N/A | 10 | |
| Kruger Services Inc. | Guided Implementation | 8/10 | $10,000 | 5 | Advice and ready to use tool was great. |
| University of Limpopo | Workshop | 10/10 | $60,000 | 60 | The best parts were when the facilitator allowed the team to discover requirements and gaps on their own. He subtly resisted to giving the inputs ... |
| Dufferin Peel Catholic District School Board | Guided Implementation | 10/10 | N/A | 12 | |
| The President and Fellows of Harvard College, a Massachusetts nonprofit corporation, acting by and through Harvard Business School | Workshop | 10/10 | $68,500 | 85 | Outstanding workshop and engagement. We learned a great deal, and flexibility was key. Facilitation was outstanding. |
| Wiss, Janney, Elstner Associates, Inc. | Guided Implementation | 10/10 | $68,500 | 120 | I recently participated in an online workshop led by Petar, and it was an outstanding experience. Petar brings an incredible wealth of knowledge an... |
| California Department of Health Care Services | Guided Implementation | 10/10 | N/A | 50 | Viktor was very helpful, knowledgeable and easy to work with, thanks! |
| Abbott Laboratories | Guided Implementation | 10/10 | $30,140 | 5 | Mike was extremely helpful and supportive throughout the process, we were able to complete the activity and received much needed assistance. |
| State of New Mexico - New Mexico Department of Public Safety | Guided Implementation | 10/10 | $41,100 | 120 | It is difficult to quantify both the time saved and the value impact of my engagement with Jon. The blueprint itself is helpful but having Jon and ... |
| Kinark Child And Family Services | Guided Implementation | 8/10 | N/A | 18 | The experience working with Petar was great. He was very thorough in helping us achieve our goals. We will work with him again if and when given th... |
| National Cooperative Bank NA | Workshop | 8/10 | $13,700 | 10 | Overall, the experience was positive. This workshop marked the third occurrence in the past decade. With the implementation of an independent thre... |
| Oak Valley Health | Guided Implementation | 10/10 | $25,000 | 9 | |
| State of New Mexico Early Childhood & Care Department | Guided Implementation | 10/10 | N/A | 120 | |
| Donor Network West | Guided Implementation | 10/10 | $13,700 | 5 | Very good advice on what to focus on and how to approach regulators. Worst part was realizing all the work that I still had to do. |
| A. Farber Associates | Workshop | 10/10 | $100K | 120 | The best parts of my experience were the exceptional expertise of Dave Kernohan, the comprehensive and well-structured workshop content, the benefi... |
| CNY Centro, Inc. | Guided Implementation | 10/10 | N/A | N/A | Jon was awesome to work with and had a wealth of knowledge. He was patient with us when we were having problems understanding certain topics, and took... |
| El Dorado Irrigation District | Guided Implementation | 10/10 | $2,740 | 5 | |
| GSW Manufacturing | Guided Implementation | 9/10 | $9,590 | 5 | The level of detail in the review of our system was impressive. It does help to focus our efforts on research from InfoTech that will make the mos... |
| Town Of Whitby | Workshop | 10/10 | $55,000 | 23 | Great facilitation and knowledge from Sumit. Lots of knowledge and it will be good to have time to reflect and review. Thank you for the 4 days it ... |
| iFIT | Workshop | 10/10 | $68,500 | 60 | The best part of this experience was having Dave Kernohan lead our workshop. He was able to quickly build rapport virtually with the security team... |
| Firstmac Limited | Guided Implementation | 10/10 | $22,750 | 20 | The ranking above is for the overall experience. The end result is a solid gap analysis and plan for cyber security moving forward. Having independ... |
| City of Williamsburg, VA | Guided Implementation | 10/10 | $34,250 | 110 | Petar led me through the entire process flawlessly. He kept me on-track and took the time to explain everything while offering his thoughts and ex... |
| Cidel Bank & Trust | Guided Implementation | 9/10 | N/A | 20 | Facilitator was very knowledgeable of the subject area and was able to provide valuable insight. Also, the excel tools made the process easy to get... |
| Carver County, MN | Guided Implementation | 10/10 | $13,700 | 10 | Our analyst was great to work with and very knowledgeable. |
| Capital Regional District | Guided Implementation | 10/10 | $50,000 | 50 | Jon and Manoj were the best part - They were so good at listening to my specific needs and concerns and explaining how to approach resolving them. ... |
| Westoba Credit Union Limited | Guided Implementation | 10/10 | $10,000 | 14 | Matches well with our current initiatives and helps build the business case for doing certain work and requesting additional resources. |
| County of Chesterfield, Virginia | Guided Implementation | 10/10 | $32,195 | 20 | Efficient use of time with targeted focus on right tools and approach based on our current state. |
| CICSA CO OP Credit Union | Guided Implementation | 10/10 | $68,500 | 50 | For me this is easily a $50k value add. EY, PWC etc. will charge $25k for a Cybersecurity Strategy and it will only entail a fraction of what Jo... |


Security Strategy

Tailor best practices to effectively manage information security.
This course makes up part of the Security & Risk Certificate.

  • Course Modules: 5
  • Estimated Completion Time: 1 hour
  • Featured Analysts: Michel Hébert, Principal Research Director

Workshop: Build an Information Security Strategy

Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

Module 1: Assess business requirements

The Purpose

  • Assess business requirements.

Key Benefits Achieved

  • Identify security program alignment criteria.

Activities

  • 1.1 Understand business and IT strategy and plans.
  • 1.2 Define business and compliance requirements.
  • 1.3 Establish the security program scope.
  • 1.4 Analyze the organization’s risks and stakeholder pressures.
  • 1.5 Assess organizational risk appetite.

Outputs

  • Goals cascade for the security program
  • Security scope and boundaries statement
  • Risk assessment and pressure analysis
  • Organizational risk appetite

Module 2: Perform a gap analysis

The Purpose

  • Perform a gap analysis.

Key Benefits Achieved

  • Define the program's target state.
  • Assess the organization's current state.

Activities

  • 2.1 Define the information security target state.
  • 2.2 Assess current security capabilities.
  • 2.3 Identify security gaps.
  • 2.4 Build initiatives to bridge the gaps.

Outputs

  • Information security target state
  • Security current state assessment
  • Initiatives to address gaps

Module 3: Complete the gap analysis

The Purpose

  • Complete the gap analysis.

Key Benefits Achieved

  • Security program improvement tasks and initiatives

Activities

  • 3.1 Continue assessing current security capabilities.
  • 3.2 Identify security gaps.
  • 3.3 Build initiatives to bridge the maturity gaps.
  • 3.4 Identify initiative list and task list.
  • 3.5 Define criteria to be used to prioritize initiatives.

Outputs

  • Completed security current state assessment
  • Task list to address gaps
  • Initiative list to address gaps
  • Prioritization criteria

Module 4: Develop roadmap

The Purpose

  • Develop the roadmap.

Key Benefits Achieved

  • Security program roadmap
  • Communication resources

Activities

  • 4.1 Conduct cost-benefit analysis on initiatives.
  • 4.2 Prioritize gap initiatives based on cost, time, and alignment with the business.
  • 4.3 Build effort map.
  • 4.4 Determine start times and accountability.
  • 4.5 Finalize security roadmap and action plan.
  • 4.6 Create communication plan.

Outputs

  • Information security roadmap
  • Draft communication deck

Build an Information Security Strategy

EXECUTIVE BRIEF

Analyst Perspective

Align initiatives to the goals of your organization and the risks it faces.

The rapid pace of technological change is a call to action to information security leaders.

Too often, security leaders find their programs stuck in reactive mode, as years of mounting security technical debt take their toll on the organization. Shifting from a reactive to proactive approach has never been more urgent, yet it remains a daunting task.

As we make security plans, we need to do more than blindly follow best practice frameworks. Only a proactive information security strategy, one that is holistic, risk-aware, and aligned to business needs, can help us navigate the changes ahead.

Kate Wood
Practice Lead, Security & Privacy
Info-Tech Research Group

Executive Summary

Your Challenge

  • The rate of technological change is accelerating. Organizations continue to invest in technology to run the business, layering more systems to support remote work, enhance customer experience, and generate value.
  • Meanwhile, security threats are growing. Disruptive cyberattacks are more prevalent, sophisticated, and impactful than ever, targeting organizations of all industries and sizes.
  • Security leaders need to adopt a proactive approach to secure the organization now and prioritize funding to high-risk areas.

Common Obstacles

  • Technological change is increasing both the protect surface and the variety of tools available to secure it.
  • Security frameworks are helpful, but they don’t describe how to gather business requirements, identify organizational risks, or set an appropriate target state for the program, or which controls to select to conduct an accurate gap analysis for the security program.
  • The better security leaders can balance a budget that funds cyber-resiliency and drives revenue, the more likely they are to progress in their career.

Info-Tech’s Approach

Build a business-aligned, risk-aware, holistic security strategy:

  • Gather business requirements to prioritize improvements.
  • Assess risks, stakeholder expectations, and risk appetite to set meaningful targets.
  • Conduct a comprehensive gap analysis to identify improvements.
  • Build a flexible roadmap to set the program on the right footing.

Info-Tech Insight

The most successful information security strategies are:

  • Holistic. They consider the full spectrum of information security including people, processes, and technologies.
  • Risk-Aware. They understand that security decisions should be made based on the security risks facing their organization, not just on best practice.
  • Business-Aligned. They demonstrate an understanding of the goals and strategies of the organization, and how the security program can support the business.

Your challenge

The stakes for information security programs have never been greater.

  • The rate of technological change is accelerating. Organizations continue to invest in technology to run the business, layering more systems to support remote work, enhance customer experience, and generate value.
  • Meanwhile, security threats are growing. Disruptive cyberattacks are more prevalent, sophisticated, and impactful than ever, targeting organizations of all industries and sizes.
  • Information security incidents were ranked as the most important business risk worldwide for the second year in a row according to the Allianz Risk Barometer 2023.
  • According to Cybersecurity Ventures, the cost of cybercrimes worldwide will grow by 15% year over year for the next five years, reaching US$10.5 trillion annually by 2025, up from US$3 trillion in 2015.
  • Security leaders need to adopt a proactive approach to secure the organization now and prioritize funding to high-risk areas.

Your challenge

The average cost of security incidents is reaching an all-time high.

83% Organizations that have had more than one breach in 2022.

US$4.45 million Average cost of a data breach in 2023.

US$5.13 million Average cost of a ransomware attack, not including the cost of the ransom.

Source: IBM, 2022, 2023.

Your challenge

Common attacks persist, which suggests that most are still not getting security fundamentals right.

66% Organizations hit by ransomware in 2021 and 2022. [1]

35% Organizations who conducted phishing simulations in 2022. [2]

84% Organizations who experienced phishing attacks with direct financial loss in 2022. [2]

Sources: [1] Sophos, 2022, 2023; [2] Ponemon, 2023.

Common obstacles

Reactive security strategies can’t keep up.

The image contains a screenshot of the common obstacles of reactive security.

Info-Tech’s approach

Build a proactive security strategy.

The image contains a screenshot of Info-Tech's approach to build a proactive security strategy.

Use a best-of-breed model based on leading frameworks

The image contains a screenshot of a best-of-breed model based on leading frameworks.
The image contains a screenshot of the Thought Model Build and Information Security Strategy.

Info-Tech’s methodology for building an information security strategy

Phase Steps

1. Assess Business Requirements
  • 1.1 Define goals & scope
  • 1.2 Assess risks
  • 1.3 Determine pressures
  • 1.4 Determine risk appetite
  • 1.5 Establish target state

2. Conduct a Gap Analysis
  • 2.1 Review security framework
  • 2.2 Assess your current state
  • 2.3 Identify gap closure actions

3. Build a Roadmap of Prioritized Initiatives
  • 3.1 Define tasks & initiatives
  • 3.2 Perform cost-benefit analysis
  • 3.3 Prioritize initiatives
  • 3.4 Build roadmap

4. Execute and Maintain the Strategy
  • 4.1 Build communication deck
  • 4.2 Develop a security charter
  • 4.3 Execute on your roadmap

Phase Outcomes

  • Goals cascade, scope, and boundaries for the security program
  • Defined risk appetite level, risk assessment, and pressure analysis
  • Information security target state
  • Security current state assessment
  • Gap closure initiatives
  • Information security roadmap
  • Security strategy communication plan
  • Security charter

Tools

Information Security Requirements Gathering Tool; Information Security Pressure Analysis Tool

Information Security Program Gap Analysis Tool

Information Security Program Gap Analysis Tool

Information Security Strategy Communication Deck

Insight summary

Your security strategy is a business strategy first.
A well-defined information security strategy is holistic, risk aware, and business-aligned.

Assess business requirements
Protecting the organization means taking on enough risk to enable the organization to meet its objectives.

Seek agreement on the program target state
Higher target states require more investment. Ensure stakeholders agree on the maturity of the program you need from the start to ensure continued support.

Prioritize initiatives and roadmap
Express the benefit of security initiatives in terms of their impact on what matters – the key strategic goals that drive decision making at your organization.

Execute and maintain strategy
Reinforce the concept that a security strategy is an effort to enable the organization to achieve its core mission within its risk appetite.

Blueprint deliverables

Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

Information Security Requirements Gathering Tool
Define the business, customer, and compliance alignment for your security program.

Information Security Pressure Analysis Tool
Determine your organization’s security pressures and ability to tolerate risk.

Information Security Program Gap Analysis Tool
Use our best-of-breed security framework to perform a gap analysis between your current and target states.

Information Security Charter
Ensure the development and management of your security policies meet the broader program vision.

Key deliverable:

Information Security Strategy Communication Deck
Present your findings in a prepopulated document that summarizes all key findings of the blueprint.

The image contains a screenshot of the Information Security Strategy Communication Deck.

This blueprint is ideal for program updates

1. Program Update

“I am happy with the fundamentals of my security program. I need to assess and improve our security posture.”

Use this blueprint to:

  1. Gather business requirements to align security initiatives based on organizational goals.
  2. Assess security pressures to set a meaningful target state for the program.
  3. Conduct a gap analysis to identify targeted improvements.
  4. Build a security roadmap of prioritized initiatives to set the program on the right footing.

This project is part of a broader program to improve your information security posture.

1. Lay Program Foundations
Set the stage for your security program properly. Focus first on how the program will support the creation of business value.

2. Define Security Governance
Establish the framework to evaluate, direct, and monitor security controls. Create a charter to support the security program.

3. Build Security Strategy
Build a strategy aligned with business goals and organizational risks. Create a strategy roadmap.

4. Build Security Catalog
Create a reference point for stakeholders to understand the security measures in place and how they work.

5. Define Security Architecture
Provide a roadmap for designing and implementing security controls.

6. Design Security Services
Define the content of the security services you will provide.

7. Operate, Measure, and Improve
Devise a suite of metrics to evaluate and improve the effectiveness of the security program.

2. Program Renewal

“I am worried the security program is getting stale. I need to understand what makes my organization unique to prioritize core security capabilities.”

Complete the first two phases of Design and Implement a Business-Aligned Security Program.

We will learn how to use the output from the security program design tool to inform your security strategy in Phase 2 of this project.

Info-Tech’s approach will accelerate your progress

Estimates reflect advisory and workshop client experiences.

| Phase | People | With Blueprint | Without Blueprint |
|---|---|---|---|
| Phase 1: Assess Business Requirements | 1 to 5 people | 0.5 to 2 days | 1-2 weeks |
| Phase 2: Conduct a Gap Analysis | 1 to 5 people | 2 to 3 days | 4-8 weeks |
| Phase 3: Build a Roadmap of Prioritized Initiatives | 1 to 2 people | 1 day | 1-2 weeks |
| Phase 4: Execute & Maintain the Strategy | 1 to 5 people | 1-2 days | 1-2 weeks |

Time Saved: 7-14 weeks

Benefits are iterative
Over time, experience incremental value from your initial security strategy. Through continual updates your strategy will evolve, but with less associated effort, time, and costs.

Run Info-Tech diagnostics to measure the success of your strategy

The image contains screenshots of the Governance & Management Maturity Scorecard.

Audience: Security Manager

Governance & Management Maturity Scorecard

Understand the maturity of your security program across eight domains.


The image contains a screenshot of the Security Business Satisfaction and Alignment Report.

Audience: Business Leaders

Security Business Satisfaction and Alignment Report

Assess the organization’s satisfaction with the security program.

  • Info-Tech diagnostics are standardized surveys that accelerate the process of gathering and analyzing pain point data.
  • Diagnostics also produce historical and industry trends against which to benchmark your organization.
  • Reach out to your account manager or follow the links to deploy some or all these diagnostics to validate your assumptions. Diagnostics are included in your membership.

Info-Tech offers various levels of support to best suit your needs

DIY Toolkit
“Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

Guided Implementation
“Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

Workshop
“We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

Consulting
“Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

Diagnostics and consistent frameworks used throughout all four options

Guided Implementation

What does a typical Guided Implementation on this topic look like?

Assess Business Requirements
  • Call #1: Introduce project and complete business requirements gathering.
  • Call #2: Introduce pressure analysis.

Conduct a Gap Analysis
  • Call #3: Introduce the maturity assessment.
  • Call #4: Perform gap analysis and translate into initiatives.

Prioritize Initiatives and Roadmap
  • Call #5: Consolidate related gap initiatives and define cost, effort, alignment, and security benefits.
  • Call #6: Review cost-benefit analysis and build an effort map.
  • Call #7: Build implementation waves and introduce Gantt chart.

Execute and Maintain the Strategy
  • Call #8: Review Gantt chart and ensure budget/buy-in support.
  • Call #9: Three-month check-in: Execute and maintain the strategy.

A Guided Implementation is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

A typical Guided Implementation takes place in 2 to 12 calls scheduled over the course of 4 to 6 months.

Executive Brief Case Study

INDUSTRY: Financial Services

SOURCE: Info-Tech Research Group

Credit Service Company

Founded over 100 years ago, Credit Service Company (CSC)* services over 50,000 US clients in 40 branches across four states.

Situation
Increased regulations, changes in technology, and a growing number of public security incidents had caught the attention of the organization’s leadership. Despite awareness, an IT and security strategy had not been previously created. Management was determined to create a direction for the security team that aligned with their core mission of providing exceptional service and expertise.

Solution
During the workshop, the IT team and Info-Tech analysts worked together to understand the organization’s ideal state in various areas of information security. Having a concise understanding of requirements was a stepping stone to beginning to develop CSC’s prioritized strategy.

Results
Over the course of the week, the team created a document that concisely prioritized upcoming projects and associated costs and benefits. On the final day of the workshop, the team effectively presented the value of the newly developed security strategy to senior management and received buy-in for the upcoming project.

*Some details have been changed for client privacy.

Phase 1

Assess Business Requirements

This phase will walk you through the following activities:

  • 1.1 Define strategic goals and scope
  • 1.2 Assess inherent security risks
  • 1.3 Assess stakeholder pressures
  • 1.4 Assess risk appetite
  • 1.5 Establish program target state
About Info-Tech

Info-Tech Research Group is the world’s fastest-growing information technology research and advisory company, proudly serving over 30,000 IT professionals.

We produce unbiased and highly relevant research to help CIOs and IT leaders make strategic, timely, and well-informed decisions. We partner closely with IT teams to provide everything they need, from actionable tools to analyst guidance, ensuring they deliver measurable results for their organizations.

What Is a Blueprint?

A blueprint is designed to be a roadmap, containing a methodology and the tools and templates you need to solve your IT problems.

Each blueprint can be accompanied by a Guided Implementation that provides you access to our world-class analysts to help you get through the project.

Get the help you need in this 4-phase advisory process. You'll receive 9 touchpoints with our researchers, all included in your membership.

Guided Implementation 1: Assess business requirements
  • Call 1: Introduce project and complete business requirements gathering.
  • Call 2: Introduce pressure analysis.

Guided Implementation 2: Conduct a gap analysis
  • Call 1: Introduce the maturity assessment.
  • Call 2: Perform gap analysis and translate into initiatives.

Guided Implementation 3: Prioritize initiatives and roadmap
  • Call 1: Consolidate related gap initiatives and define cost, effort, alignment, and security benefits.
  • Call 2: Review cost-benefit analysis and build an effort map.
  • Call 3: Build implementation waves and introduce Gantt chart.

Guided Implementation 4: Execute and maintain the strategy
  • Call 1: Review Gantt chart and ensure budget/buy-in support.
  • Call 2: Three-month check-in: Execute and maintain the strategy.

Authors

Michel Hebert

Kate Wood

Contributors

  • Peter Clay, Zeneth Tech Partners, Principal
  • Ken Towne, Zeneth Tech Partners, Security Architect
  • Luciano Siqueria, Road Track, IT Security Manager
  • Candy Alexander, Independent Consultant, Cybersecurity and Information Security Executive
  • Jason Bevis, FireEye, Senior Director Orchestration Product Management - Office of the CTO
  • Joan Middleton, Village of Mount Prospect, IT Director
  • David Rahbany, The Hain Celestial Group, Director IT Infrastructure
  • Rick Vadgama, Cimpress, Head of Information Privacy and Security
  • Doug Salah, Wabtec Corp, Manager of Information Security and IT Audit
  • Peter Odegard, Children’s Hospitals and Clinics, Information Security Officer
  • Trevor Butler, City of Lethbridge, Information Technology General Manager
  • Shane Callahan, Tractor Supply, Director of Information Security
  • Jeff Zalusky, Chrysalis, President/CEO
  • Dan Humbert, YMCA of Central Florida, Director of Information Technology
  • Ron Kirkland, Crawford & Co, Manager ICT Security & Customer Service
  • Jim Burns, GreatAmerica Financial Services, Vice President Information Technology
  • Ryan Breed, Hudson’s Bay, Information Security Analyst
  • James Fielder, Farm Credit Services – Central Illinois, Vice President of Information Systems

Search Code: 74131
Last Revised: March 13, 2024
