Build a Service-Based Security Resourcing Plan
Every security program is unique; resourcing allocations should reflect this.
RETIRED CONTENT
Please note that the content on this page is retired. This content is not maintained and may contain information or links that are out of date.Security leaders know that every organization is unique and will need different security resource allocations.
- But all too often, they lean on staffing benchmarks to justify their requests for resources.
- While staffing benchmarks are useful for quick peer-to-peer validation and decision making, they tend to reduce security programs down to a set of averages, which can be misleading when used out of context.
A service-aligned security resourcing strategy will put your organization in the best position to:
- Respond to current and future service demands.
- Address business needs as they evolve over time.
Book Your Workshop
Onsite Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn’t enough, we offer low-cost onsite delivery of our Project Workshops. We take you through every phase of your project and ensure that you have a road map in place to complete your project successfully.
Module 1: Define Roles and Select Services
The Purpose
- Identify the roles needed to implement and deliver your organization’s security services.
Key Benefits Achieved
- A security services portfolio allows you to assign job roles to each service, which is the first step towards determining resourcing needs. Improve employee engagement and satisfaction with clearly defined job roles, responsibilities, and service levels.
| Activities: | Outputs: | |
|---|---|---|
| 1.1 | Assess security needs and business pressures. |
|
| 1.2 | Define security job roles. |
|
| 1.3 | Define security services and assign ownership. |
|
Module 2: Estimate Current and Future Demand
The Purpose
- Estimate the actual demand for security resources and determine how to allocate resources accordingly.
Key Benefits Achieved
- Allocate resources more effectively across your Security and Risk teams.
- Raise the profile of your security team by aligning security service offerings with the demands of the business.
| Activities: | Outputs: | |
|---|---|---|
| 2.1 | Estimate current and future demand. |
|
| 2.2 | Review demand summary. |
|
| 2.3 | Allocate resources where they are needed the most. |
|
Module 3: Identify Required Skills
The Purpose
When defining roles, consider the competencies needed to deliver your security services. Make sure to account for this need in your resource planning.
Key Benefits Achieved
Leverage the NCWF to establish the building blocks of a capable and ready cybersecurity workforce to effectively identify, recruit, develop and maintain cybersecurity talent.
| Activities: | Outputs: | |
|---|---|---|
| 3.1 | Identify skills needed for planned initiatives. |
|
| 3.2 | Prioritize your skill requirements. |
|
| 3.3 | Assign work roles to the needs of your target environment. |
|
| 3.4 | Discuss the NICE cybersecurity workforce framework. |
|
| 3.5 | Develop technical skill requirements for current and future work roles. |
|
Module 4: Future Planning
The Purpose
Create a development plan to train and upskill your employees to address current and future service requirements.
Key Benefits Achieved
- Skill needs are based on the strategic requirements of a business-aligned security program.
| Activities: | Outputs: | |
|---|---|---|
| 4.1 | Continue developing technical skill requirements for current and future work roles. |
|
| 4.2 | Conduct current workforce skills assessment. |
|
| 4.3 | Develop a plan to acquire skills. |
|
| 4.4 | Discuss training and certification opportunities for staff. |
|
| 4.5 | Discuss next steps for closing the skills gap. |
|
| 4.6 | Debrief. |
|