Build Your Security Operations Program From the Ground Up

Establish security operations with a threat collaboration environment.

  • Analysts cannot monitor and track events coming from multiple tools because they have no visibility into the threat environment.
  • Incident management takes time away from problem management because processes are ad hoc, and the continuous monitoring, collection, and analysis of massive volumes of security event data is responsive rather than tactical.
  • Organizations are struggling to defend against and prevent threats while juggling business, compliance, and consumer obligations.

Our Advice

Critical Insight

  • Security operations is no longer a center but a process. The need for a physical security hub has evolved into the virtual fusion of prevention, detection, analysis, and response efforts. When all four functions operate as a unified process, your organization will be able to proactively combat changes in the threat landscape.
  • Raw data without correlation is a waste of time, money, and effort. A SIEM on its own will not provide this contextualization and needs configuration. Prevention, detection, analysis, and response processes must contextualize threat data and supplement one another – true value will only be realized once all four functions operate as a unified process.
  • If you are not communicating, then you are not secure. Collaboration eliminates siloed decisions by connecting people, processes, and technologies. You leave less room for error, consume fewer resources, and improve operational efficiency with a transparent security operations process.

Impact and Result

  • A centralized security operations process actively transforms security events and threat information into actionable intelligence, driving security prevention, detection, analysis, and response processes that address the increasing sophistication of cyberthreats while guiding continuous improvement.
  • This blueprint will walk through the steps of developing a flexible and systematic security operations program relevant to your organization.

Build Your Security Operations Program From the Ground Up Research & Tools

Start here – read the Executive Brief

Read our concise Executive Brief to find out why you should build a security operations program, review Info-Tech’s methodology, and understand the ways we can support you in completing this project.

1. Establish your foundation

Determine how to establish the foundation of your security operations.

2. Assess your current state

Assess the maturity of your prevention, detection, analysis, and response processes.

3. Design your target state

Design a target state and improve your governance and policy solutions.


Member Testimonials

After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve. See our top member experiences for this blueprint and what our clients have to say.

9.6/10 Overall Impact
$84,390 Average $ Saved
62 Average Days Saved

Client | Experience | Impact | $ Saved | Days Saved

LSU AgCenter | Guided Implementation | 10/10 | N/A | 50
  "Best parts: Knowledgeable and friendly expert, streamlined process, great pre-built tools. Worst part: Realizing how much work we have to do to get..."

Ministry of Industry, Innovation, Science and Technology | Guided Implementation | 10/10 | $137K | 120
  "This analyst call has given me the confidence that our Ministry can accomplish the rollout of this task if the resources are allocated to it. I do ..."

Marshall University | Guided Implementation | 8/10 | $13,700 | 10
  "The analyst is very knowledgeable and great to work with. The worst part is the challenge of time management on our side of not currently having the..."

Chemeketa Community College | Workshop | 10/10 | $102K | 60
  "Best - plan developed with deliverables, communication flow between two teams, discussion of current state. Discussion of issues between the two ma..."

State of Kansas Human Services | Workshop | 10/10 | $68,500 | 50
  "Victor Okorie was quite extraordinary in so many ways. Not only did he bring in the stellar technical skills and very mature operational experience..."

Reliance Standard Life Insurance Company | Workshop | 9/10 | N/A | N/A
  "Once we make adjustments where needed, I believe we should save time and money, but I don't know exactly what those numbers look like. I thoug..."

Ailos Central Credit Cooperative | Guided Implementation | 10/10 | $100K | 80
  "The best part is the follow-up given by the analyst Shastri during the steps we planned. The worst part was working in split time, we could not ..."

Virginia Department of Taxation | Workshop | 10/10 | $12,599 | 5

Messer | Guided Implementation | 8/10 | $30,999 | 20
  "The best part was listening and learning from Shastri who has great experience in what I need to do. Nothing bad to report except now I have a lot o..."

Portland Community College | Guided Implementation | 9/10 | N/A | 5
  "Marc addressed the core questions we had and suggested some productive follow ups. Our main goal was just to have a "sounding board" for the work w..."


Workshop: Build Your Security Operations Program From the Ground Up

Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

Module 1: Establish your foundation

The Purpose

  • Identify security obligations and the security operations program’s pressure posture.
  • Assess current people, process, and technology capabilities.
  • Determine foundational controls and complete system and asset inventory.

Key Benefits Achieved

  • Identified the foundational elements needed for planning before a security operations program can be built

Activities

  1.1 Define workshop objectives and current state of knowledge.
  1.2 Define security obligations and assess security pressure posture.
  1.3 Determine current knowledge and skill gaps.
  1.4 Identify services worth monitoring.
  1.5 Document roles and responsibilities.
  1.6 Assess and document scope & boundaries (your information system environment).

Outputs

  • Security Pressure Analysis tool
  • Security Operations RACI tool

Module 2: Security operations capability gap analysis

The Purpose

  • Identify the maturity level of existing security operations program processes.

Key Benefits Achieved

  • Current maturity assessment of security operations processes

Activities

  2.1 Assess current maturity of security operations capabilities and processes.
  2.2 Determine appropriate target state for security operations.
  2.3 Identify and document gap closure initiatives.

Outputs

  • Gap analysis and gap closure initiatives documented in Security Operations Roadmap tool

Module 3: Security operations capability gap analysis (continued)

The Purpose

  • Design your optimized target state.
  • Improve your security operations processes with governance and policy solutions.
  • Identify and prioritize gap initiatives.

Key Benefits Achieved

  • A comprehensive list of initiatives to reach ideal target state
  • Optimized security operations with repeatable and standardized policies

Activities

  3.1 Assess current maturity of security operations capabilities and processes.
  3.2 Determine appropriate target state for security operations.
  3.3 Identify and document gap closure initiatives.

Outputs

  • Gap analysis and gap closure initiatives documented in Security Operations Roadmap tool

Module 4: Develop an implementation roadmap

The Purpose

  • Formalize project strategy with a project charter.
  • Determine your sourcing strategy for in-house or outsourced security operations processes.
  • Assign responsibilities and complete an implementation roadmap.

Key Benefits Achieved

  • An overarching and documented strategy and vision for your security operations
  • A thorough rationale for in-house or outsourced security operations processes
  • Assigned and documented responsibilities for key projects

Activities

  4.1 Prioritize gap closure initiatives based on cost/benefit and dependencies.
  4.2 Construct prioritized roadmap of initiatives organized into execution waves.
  4.3 Determine in-house vs. outsourcing rationale.
  4.4 Reassess RACI chart.

Outputs

  • Prioritized roadmap of initiatives
  • Security Operations communication deck
  • In-house vs. outsourcing rationale (*optional/time permitting)
  • Security operations metrics summary (*optional/time permitting)

About Info-Tech

Info-Tech Research Group is the world’s fastest-growing information technology research and advisory company, proudly serving over 30,000 IT professionals.

We produce unbiased and highly relevant research to help CIOs and IT leaders make strategic, timely, and well-informed decisions. We partner closely with IT teams to provide everything they need, from actionable tools to analyst guidance, ensuring they deliver measurable results for their organizations.


What Is a Blueprint?

A blueprint is designed to be a roadmap, containing a methodology and the tools and templates you need to solve your IT problems.

Each blueprint can be accompanied by a Guided Implementation that provides you access to our world-class analysts to help you get through the project.

Need Extra Help?
Speak With An Analyst

Get the help you need in this 7-phase advisory process. You'll receive 25 touchpoints with our researchers, all included in your membership.

Guided Implementation 1: Assess your current state
  • Call 1: Project kick-off call
  • Call 2: Assess current people, process, and technology capabilities
  • Call 3: Assess prevention and detection capabilities
  • Call 4: Assess analysis capabilities
  • Call 5: Assess response and collaboration capabilities

Guided Implementation 2: Design your target state
  • Call 1: Assess your security risk profile
  • Call 2: Identify optimization tactics and techniques
  • Call 3: Map out your ideal target state

Guided Implementation 3: Develop an implementation roadmap
  • Call 1: Design a sourcing strategy
  • Call 2: Formalize your implementation roadmap
  • Call 3: Design an actionable measurement program

Guided Implementation 4: Establish your foundation
  • Call 1: Kick-off the project.
  • Call 2: Determine security obligations.
  • Call 3: Assess security pressure posture.
  • Call 4: Define people, process, and technology requirements.

Guided Implementation 5: Assess your current state
  • Call 1: Assess current planning and direction capabilities.
  • Call 2: Assess your prevention and detection capabilities.
  • Call 3: Assess your analysis capabilities.
  • Call 4: Assess your response and collaboration capabilities.

Guided Implementation 6: Design your target state
  • Call 1: Conduct a capacity analysis of current security operations duties.
  • Call 2: Design an optimized state of operations.
  • Call 3: Identify your program gaps and map out initiatives to take you to target state.

Guided Implementation 7: Develop your roadmap
  • Call 1: Design a sourcing strategy.
  • Call 2: Formalize your implementation roadmap.
  • Call 3: Design an actionable measurement program.

Author

Marc Mazur

Contributors

  • Jason Bevis – Senior Director Orchestration Product Management, Office of the CTO
  • Douglas Andre – Director of Cybersecurity, PenFed Credit Union
  • Seth Shestack – Director of Information Security, Temple University
  • Ron Kirkland – Manager of ICT Security & Customer Service, Crawford & Company
  • David Miller – Chief Executive Officer, Uzado
  • Jim Hosley – Director of IT Security, Urban Outfitters
  • Candy Alexander – CISO, Alexander-Advisory
  • Jason Bareiszis – Incident Response Manager, Tetra Tech
  • Trevor Butler – General Manager of IT, City of Lethbridge
  • Fawad Khan – MS Cyber Security Fusion Center, Financial Services
  • Ryan Breed – CTO, Director of Mayhem, Cascade Failure, Inc.
  • Peter Clay – Principal, Zeneth Tech Partners
  • 3 anonymous contributors

Search Code: 73812
Last Revised: March 12, 2020
