Info-Tech Research Group 1Info-Tech Research Group 1
Info-Tech Research Group, Inc. is a global leader in providing IT research and advice.
Info-Tech’s products and services combine actionable insight and relevant advice with
ready-to-use tools and templates that cover the full spectrum of IT concerns.
© 1997-2015 Info-Tech Research Group Inc.
Our understanding of the problem
This Research Is Designed For:
• Security leaders or IT leaders who are tasked with developing a security strategy
• CISOs/CSOs who would like to improve their security strategy and ensure that it is comprehensive enough for today’s threat landscape
This Research Will Help You:
• Understand current security practices capabilities and performance
• Understand your security obligations, scope, boundaries, and responsibilities
• Establish a security target state based on your organizational context
• Develop a strategy and roadmap to help you achieve your security target state
This Research Will Also Assist:
• CEOs and other business leaders who want to understand which elements should be involved in a good security strategy
This Research Will Help Them:
• Understand the value of good security practices
Executive Summary
(Slide sections: Situation, Complication, Resolution, Info-Tech Insight)
Technology sophistication and business adoption, the proliferation of
hacking techniques, and the expansion of hacking motivations from
financial to now social, political, or strategic motivations have resulted in
organizations facing major security risk. Every organization needs some
kind of information security program to protect their systems and assets.
Organizations today face pressures from regulatory or legal obligations,
customer requirements, and now senior management expectations.
Performing an accurate assessment of your current security operations and
maturity levels can be extremely hard when you don’t know what to assess
or how, not to mention an assessment alone is only the starting point.
Senior management wants to know that adequate targets have been
determined and there is a robust plan on how they are going to be met.
Info-Tech has developed and tested a robust information security framework with supporting methodologies to generate your
organization’s comprehensive, highly actionable, and measurable security strategy and roadmap:
• Info-Tech’s best-of-breed security framework combines COBIT 5, PCI DSS, ISO 27000 series, NIST SP 800-53, and SANS
security components to ensure all areas of security are considered and covered.
• Robust security requirements gathering across the organization, key stakeholders, customers, regulators, and other
parties ensures the security strategy is built in alignment to and support of enterprise and IT strategies and plans.
• A comprehensive current state assessment, gap analysis, and initiative generation ensures nothing is left off the table.
• Tested and proven rationalization and prioritization methodologies ensure the strategy you generate is not only the one the
organization needs, but the one the organization will support.
Best of Breed
It’s hard to know which security framework is
best. Info-Tech analyzed and integrated
frameworks to ensure an exhaustive
approach to security.
Alignment
Security is still a friction point and viewed as a
cost center. Align your security strategy with
corporate and IT strategies to ensure support.
Communication
To have a strategy implemented, you need to
communicate to stakeholders in their
language and show their concerns and
perspectives were accounted for.
Use these icons to help direct you as you navigate this research
This icon denotes a slide where a supporting Info-Tech tool or template will help you perform
the activity or step associated with the slide. Refer to the supporting tool or template to get
the best results and proceed to the next step of the project.
This icon denotes a slide with an associated activity. The activity can be performed either as
part of your project or with the support of Info-Tech team analysts, who will come onsite to
facilitate a workshop for your organization.
Use these icons to help guide you through each step of the blueprint and direct you to content related to
the recommended activities.
Info-Tech offers various levels of support to best suit your needs
Consulting
“Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”
Guided Implementation
“Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”
DIY Toolkit
“Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”
Workshop
“We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”
Diagnostics and consistent frameworks used throughout all four options
Information security project overview
Phases: Assess Security Requirements; Perform a Gap Analysis; Develop Gap Initiatives; Plan for the Transition
Best-Practice Toolkit
1.1 Introduce security management
1.2 Understand business and IT strategy and plans
1.3 Define security obligations, scope, and boundaries
1.4 Define risk tolerance level
1.5 Assess security risk profile
2.1 Assess current security capabilities and performance
2.2 Review pen test results
2.3 Define security target state
3.1 Identify security gaps
3.2 Build initiatives to bridge the gap
3.3 Estimate the resources needed
3.4 Prioritize gap initiatives
3.5 Determine start time and accountability
4.1 Finalize security roadmap and action plan
4.2 Build a security charter
4.3 Build the security program organizational structure
4.4 Create a change and communication plan
4.5 Develop a metrics program
4.6 Develop a security services catalog
Guided Implementations
• Review the scope of the security strategy plans
• Define the organizational risk tolerance
• Assess the security risk profile of the business
• Perform a current state assessment of the security controls
• Determine the future target state of the security controls
• Identify existing gaps and create gap initiatives to close the gaps
• Determine the benefit, cost, and resources needed for each initiative
• Build a roadmap based on the security initiatives
• Optimize your strategy
Onsite Workshop
Module 1: Assess Security Requirements
Module 2: Perform a Gap Analysis
Module 3: Continue the Gap Analysis
Module 4: Plan for the Transition
Phase 1 Results:
• Security obligations statement
• Security scope and boundaries statement
• Security risk profile
• Defined risk tolerance level
Phase 2 Results:
• Current security capabilities
• Target future state defined
Phase 3 Results:
• Security program gaps identified
• Gap initiatives defined
• Estimated effort, budget, and resource readiness assessment
Phase 4 Results:
• Security roadmap and action plan
• Security charter
• Change and communication plan
• Metrics program
• Security services catalog
Workshop overview
Contact your account representative or email Workshops@InfoTech.com for more information.
Workshop Day 1: Assess security requirements
Activities
1.1 Introduce security management
1.2 Understand business and IT strategy and plans
1.3 Define security obligations, scope, and boundaries
1.4 Define risk tolerance level
1.5 Assess security pressure posture
Deliverables
1. Security obligations statement
2. Security scope and boundaries statement
3. Defined risk tolerance level
4. Security pressure posture
Workshop Day 2: Perform a gap analysis
Activities
2.1 Assess current security capabilities and performance
2.2 Review pen test results
2.3 Define security target state
Deliverables
1. Security capabilities and performance report
2. Security future state
Workshop Day 3: Develop gap initiatives
Activities
3.1 Identify security gaps
3.2 Build initiatives to bridge the gap
3.3 Estimate the resources needed
3.4 Prioritize gap initiatives
3.5 Determine start time and accountability
Deliverables
1. Future state–current state gap analysis
2. Initiatives to address the gap
3. Estimated effort needed
4. Budget & resource readiness analysis
Workshop Day 4: Plan for the transition
Activities
4.1 Finalize security roadmap and action plan
4.2 Create a change and communication plan
4.3a Build a security charter
4.3b Build the security program organizational structure
4.3c Develop a metrics program
4.3d Develop a security services catalog
Deliverables
1. Security roadmap and action plan
2. Security charter
3. Change and communication plan
4. Metrics program
5. Security services catalog
Workshop Day 5: Communicate and implement
Activities
5.1 Finalize deliverables
5.2 Support communication efforts
5.3 Identify resources in support of priority initiatives
Deliverables
1. Security strategy and roadmap deck/document
2. Mapping of Info-Tech resources against individual initiatives
Info-Tech’s framework integrates several best practices to create a best-of-breed security framework
ISO 27000 Series
Comprehensive standard providing best practices associated with each control
PCI-DSS
Provides more detailed instructions than most other best practices but not much breadth
SANS Twenty Critical Security Controls
Provides a great list of controls for effective cyber defence
NIST SP800 Series
Provides a detailed list of security controls along with many implementation best practices intended for federal information systems and organizations
COBIT 5 for Security
More principle and process-based than other best practices
[Diagram: COBIT 5, SANS Critical Controls, NIST SP800-53, ISO 27000 series, and PCI-DSS feeding into Info-Tech’s Best-of-Breed Information Security Framework]
Practical component level of Information Security Program Framework
Information Security Framework
Governance
Management
Context and Leadership Evaluation and Direction Compliance, Audit and Review
Information Security Charter
Culture and Awareness
Information Security
Organizational Structure
Security Risk Management
Security Strategy and
Communication
Security Policies
Security Compliance
Management
External Security Audit
Management Review of
Security
Internal Security Audit
Prevention
Detection
Response and Recovery
Measurement
Identity and Access Management
Identity Security
Data Security
Hardware Asset Management
Data Security & Privacy
Infrastructure Security
Network Security
Metrics Program
Endpoint Security
Malicious Code
Application Security
Vulnerability Management
Cryptography
Management
Physical Security
Configuration and Change
Management
Vendor Management
Security Threat Detection Log and Event Management
Security Incident Management
Security eDiscovery and
Forensics
Backup and Recovery
Information Security in BCM
Continuous Improvement
Change and Support HR Security
HR Security
Cloud Security
Domain level of Information Security Program Framework
Information Security Framework
Governance
Management
Prevention
Detection
Response
and
Recovery
Assurance Measurement
Metrics Program
Continuous
Improvement
Context and
Leadership
Evaluation
and
Direction
Compliance,
Audit and
Review
Management Commitment
Strategic Alignment
Confident or Risk/Compliance Posture
Defence in Depth
People, Process, Technology
Flexibility to Trends
Result-Orientated
Transparency
Continuous Improvement
Info-Tech’s Information Security Methodology and Maturity Level Model
[Figure: security maturity matrix with the seven security areas (Context and Leadership; Evaluation and Direction; Compliance and Review; Prevention; Detection; Response and Recovery; Measurement) against maturity levels ML 1 to ML 5]
Each security area has five possible maturity levels
• This generates a security maturity matrix and is the basis for the framework.
Collectively, these seven areas form Info-Tech’s Information Security Framework
• These areas were designed by Info-Tech to be process- and management-based areas that can be evaluated independently of each other.
• Each security component has many sub-components.
All seven security areas are evaluated on the five-level maturity model
• Using Info-Tech scoring methodology, sub-components are evaluated individually, with the aggregate scores generating the component scores.
Target scores for each security area are identified
• The security maturity model is used to identify maturity levels that meet the organization’s security requirements.
• From the current state maturity levels and target levels, gaps are identified and developed into initiatives to be completed.
The best advice I can give is to bring everything together
end to end. Don’t limit yourself in any one focused
area…If you take an end-to-end approach instead of
trying to focus on specific areas and compartmentalize
them, you will be 100% more successful.
– Technology Services, USA
Building a holistic framework ensures that all
your bases are covered while preventing
duplications of the same functions, resulting
in a more efficient program.
Navigate the 4 phases of the blueprint using this table of contents and deliverables
Phase 1: Assess security requirements
1.1 Introduce Security Management
  Template: Information Security Strategy Workbook Template
1.2 Understand business and IT strategy plans
  Template: Information Security Strategy Workbook Template
1.3 Define security obligations, scope, and boundaries
  Template: Information Security Strategy Workbook Template
1.4 Define risk tolerance level
  Template: Information Security Strategy Workbook Template
1.5 Assess security risk profile
  Tool: Security Pressure Posture Analysis Tool
Phase 2: Perform a gap analysis
2.1 Assess current security capabilities
  Tool: Information Security Program Gap Analysis and Roadmap Tool
2.2 Review penetration test results
  Prerequisite: Penetration Test Results Report
2.3 Define security target state
  Tool: Information Security Program Gap Analysis and Roadmap Tool
Phase 3: Develop gap initiatives
3.1 Identify security gaps
  Tool: Information Security Program Gap Analysis and Roadmap Tool
3.2 Build initiatives to bridge the gap
  Tool: Information Security Program Gap Analysis and Roadmap Tool
3.3 Estimate resources needed
  Tool: Information Security Program Gap Analysis and Roadmap Tool
3.4 Prioritize gap initiatives
  Tool: Information Security Program Gap Analysis and Roadmap Tool
3.5 Determine start time and accountability
  Tool: Information Security Program Gap Analysis and Roadmap Tool
Phase 4: Plan for the transition
4.1 Finalize the security roadmap and action plan
  Tool: Information Security Program Gap Analysis and Roadmap Tool
4.2 Build a security charter
  Template: Information Security Charter Template
4.3 Build the security program organizational structure
  Template: Security Governance Organizational Structure Template
4.4 Create a change and communication plan
  Information Security Communication Plan Template
4.5 Develop a metrics program
  Tool: Security Metrics Tool
4.6 Develop a security services catalog
  Template: Security Services Catalog
Info-Tech Research Group Helps IT Professionals To:
• Quickly get up to speed with new technologies
• Make the right technology purchasing decisions – fast
• Deliver critical IT projects, on time and within budget
• Manage business expectations
• Justify IT spending and prove the value of IT
• Train IT staff and effectively manage an IT department
“Info-Tech helps me to be proactive instead of reactive – a cardinal rule in a stable and leading edge IT environment.”
- ARCS Commercial Mortgage Co., LP
Sign up for free trial membership to get practical solutions for your IT challenges
www.infotech.com
Toll Free: 1-888-670-8889

IT Risk Management & Leadership 30 March - 02 April 2014 Dubai UAE
 
NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 Workshop
 
Jack Nichelson - Information Security Metrics - Practical Security Metrics
Jack Nichelson - Information Security Metrics - Practical Security MetricsJack Nichelson - Information Security Metrics - Practical Security Metrics
Jack Nichelson - Information Security Metrics - Practical Security Metrics
 
Information Security Metrics - Practical Security Metrics
Information Security Metrics - Practical Security MetricsInformation Security Metrics - Practical Security Metrics
Information Security Metrics - Practical Security Metrics
 
Developing an Information Security Program
Developing an Information Security ProgramDeveloping an Information Security Program
Developing an Information Security Program
 
There are two general types of data dictionaries a database manag
There are two general types of data dictionaries a database managThere are two general types of data dictionaries a database manag
There are two general types of data dictionaries a database manag
 
Assignment You will conduct a systems analysis project by .docx
Assignment  You will conduct a systems analysis project by .docxAssignment  You will conduct a systems analysis project by .docx
Assignment You will conduct a systems analysis project by .docx
 
SAMPLE HIPAA Security Rule Corrective Action Plan Project Charter
SAMPLE HIPAA Security Rule Corrective Action Plan Project CharterSAMPLE HIPAA Security Rule Corrective Action Plan Project Charter
SAMPLE HIPAA Security Rule Corrective Action Plan Project Charter
 
Key Concepts And Principles Of Internal Quality Assurance...
Key Concepts And Principles Of Internal Quality Assurance...Key Concepts And Principles Of Internal Quality Assurance...
Key Concepts And Principles Of Internal Quality Assurance...
 
Term Paper Planning an IT Infrastructure Audit for Compliance  Due .docx
Term Paper Planning an IT Infrastructure Audit for Compliance  Due .docxTerm Paper Planning an IT Infrastructure Audit for Compliance  Due .docx
Term Paper Planning an IT Infrastructure Audit for Compliance  Due .docx
 

More from Info-Tech Research Group

Select and Implement a Next Generation Endpoint Protection Solution
Select and Implement a Next Generation Endpoint Protection SolutionSelect and Implement a Next Generation Endpoint Protection Solution
Select and Implement a Next Generation Endpoint Protection SolutionInfo-Tech Research Group
 
Master Contract Review and Negotiation For Software Agreements-sample
Master Contract Review and Negotiation For Software Agreements-sampleMaster Contract Review and Negotiation For Software Agreements-sample
Master Contract Review and Negotiation For Software Agreements-sampleInfo-Tech Research Group
 
Improve IT Business Alignment With An Infrastructure Roadmap
Improve IT Business Alignment With An Infrastructure RoadmapImprove IT Business Alignment With An Infrastructure Roadmap
Improve IT Business Alignment With An Infrastructure RoadmapInfo-Tech Research Group
 
Build a Business-Driven IT Risk Management Program
Build a Business-Driven IT Risk Management ProgramBuild a Business-Driven IT Risk Management Program
Build a Business-Driven IT Risk Management ProgramInfo-Tech Research Group
 
Optimize Project Intake Approval and Prioritization
Optimize Project Intake Approval and PrioritizationOptimize Project Intake Approval and Prioritization
Optimize Project Intake Approval and PrioritizationInfo-Tech Research Group
 
Modernize Communications and Collaboration Infrastructure
Modernize Communications and Collaboration InfrastructureModernize Communications and Collaboration Infrastructure
Modernize Communications and Collaboration InfrastructureInfo-Tech Research Group
 
Develop a Project Portfolio Management Strategy
Develop a Project Portfolio Management StrategyDevelop a Project Portfolio Management Strategy
Develop a Project Portfolio Management StrategyInfo-Tech Research Group
 
Implement an enterprise service bus revised
Implement an enterprise service bus    revisedImplement an enterprise service bus    revised
Implement an enterprise service bus revisedInfo-Tech Research Group
 
Stay on Top of Today’s and Tomorrow’s Mobile App Trends
Stay on Top of Today’s and Tomorrow’s Mobile App TrendsStay on Top of Today’s and Tomorrow’s Mobile App Trends
Stay on Top of Today’s and Tomorrow’s Mobile App TrendsInfo-Tech Research Group
 
Create a right sized disaster recovery plan
Create a right sized disaster recovery planCreate a right sized disaster recovery plan
Create a right sized disaster recovery planInfo-Tech Research Group
 

More from Info-Tech Research Group (20)

Select and Implement a Next Generation Endpoint Protection Solution
Select and Implement a Next Generation Endpoint Protection SolutionSelect and Implement a Next Generation Endpoint Protection Solution
Select and Implement a Next Generation Endpoint Protection Solution
 
Create a Winning BPI Playbook
Create a Winning BPI PlaybookCreate a Winning BPI Playbook
Create a Winning BPI Playbook
 
Master Contract Review and Negotiation For Software Agreements-sample
Master Contract Review and Negotiation For Software Agreements-sampleMaster Contract Review and Negotiation For Software Agreements-sample
Master Contract Review and Negotiation For Software Agreements-sample
 
Optimize Change Management
Optimize Change ManagementOptimize Change Management
Optimize Change Management
 
Improve IT Business Alignment With An Infrastructure Roadmap
Improve IT Business Alignment With An Infrastructure RoadmapImprove IT Business Alignment With An Infrastructure Roadmap
Improve IT Business Alignment With An Infrastructure Roadmap
 
Build a Business-Driven IT Risk Management Program
Build a Business-Driven IT Risk Management ProgramBuild a Business-Driven IT Risk Management Program
Build a Business-Driven IT Risk Management Program
 
Standardize the Service Desk
Standardize the Service DeskStandardize the Service Desk
Standardize the Service Desk
 
Optimize Project Intake Approval and Prioritization
Optimize Project Intake Approval and PrioritizationOptimize Project Intake Approval and Prioritization
Optimize Project Intake Approval and Prioritization
 
Modernize Communications and Collaboration Infrastructure
Modernize Communications and Collaboration InfrastructureModernize Communications and Collaboration Infrastructure
Modernize Communications and Collaboration Infrastructure
 
Optimize the IT Operating Model
Optimize the IT Operating ModelOptimize the IT Operating Model
Optimize the IT Operating Model
 
Info-Tech Membership Overview
Info-Tech Membership OverviewInfo-Tech Membership Overview
Info-Tech Membership Overview
 
Develop a Project Portfolio Management Strategy
Develop a Project Portfolio Management StrategyDevelop a Project Portfolio Management Strategy
Develop a Project Portfolio Management Strategy
 
Implement an enterprise service bus revised
Implement an enterprise service bus    revisedImplement an enterprise service bus    revised
Implement an enterprise service bus revised
 
Implement a Shared Services Model
Implement a Shared Services ModelImplement a Shared Services Model
Implement a Shared Services Model
 
Assess and Optimize EA Capability
Assess and Optimize EA CapabilityAssess and Optimize EA Capability
Assess and Optimize EA Capability
 
Survive an Impending Audit
Survive an Impending AuditSurvive an Impending Audit
Survive an Impending Audit
 
Stay on Top of Today’s and Tomorrow’s Mobile App Trends
Stay on Top of Today’s and Tomorrow’s Mobile App TrendsStay on Top of Today’s and Tomorrow’s Mobile App Trends
Stay on Top of Today’s and Tomorrow’s Mobile App Trends
 
Fast track critical leadership skills
Fast track critical leadership skillsFast track critical leadership skills
Fast track critical leadership skills
 
Enterprise mobility management
Enterprise mobility managementEnterprise mobility management
Enterprise mobility management
 
Create a right sized disaster recovery plan
Create a right sized disaster recovery planCreate a right sized disaster recovery plan
Create a right sized disaster recovery plan
 

Recently uploaded

Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfNeo4j
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch TuesdayIvanti
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality AssuranceInflectra
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Alkin Tezuysal
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentPim van der Noll
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Mark Goldstein
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 

Recently uploaded (20)

Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdf
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 

Build and Information Security Strategy

  • 1. Info-Tech Research Group, Inc. is a global leader in providing IT research and advice. Info-Tech’s products and services combine actionable insight and relevant advice with ready-to-use tools and templates that cover the full spectrum of IT concerns. © 1997-2015 Info-Tech Research Group Inc.
  • 2. Our understanding of the problem
      This Research Is Designed For:
      • Security leaders or IT leaders who are tasked with developing a security strategy
      • CISOs/CSOs who would like to improve their security strategy and ensure that it is comprehensive enough for today’s threat landscape
      This Research Will Help You:
      • Understand current security practices capabilities and performance
      • Understand your security obligations, scope, boundaries, and responsibilities
      • Establish a security target state based on your organizational context
      • Develop a strategy and roadmap to help you achieve your security target state
      This Research Will Also Assist:
      • CEOs and other business leaders who want to understand which elements should be involved in a good security strategy
      This Research Will Help Them:
      • Understand the value of good security practices
  • 3. Executive Summary
      Situation and Complication:
      Technology sophistication and business adoption, the proliferation of hacking techniques, and the expansion of hacking motivations from financial to now social, political, or strategic motivations have resulted in organizations facing major security risk. Every organization needs some kind of information security program to protect their systems and assets. Organizations today face pressures from regulatory or legal obligations, customer requirements, and now senior management expectations. Performing an accurate assessment of your current security operations and maturity levels can be extremely hard when you don’t know what to assess or how, not to mention an assessment alone is only the starting point. Senior management wants to know that adequate targets have been determined and there is a robust plan on how they are going to be met.
      Resolution:
      Info-Tech has developed and tested a robust information security framework with supporting methodologies to generate your organization’s comprehensive, highly actionable, and measurable security strategy and roadmap:
      • Info-Tech’s best of breed security framework combines COBIT 5, PCI DSS, ISO 27000 series, NIST SP 800-53, and SANS security components to ensure all areas of security are considered and covered.
      • Robust security requirements gathering across the organization, key stakeholders, customers, regulators, and other parties ensure the security strategy is built in alignment to and support of enterprise and IT strategies and plans.
      • A comprehensive current state assessment, gap analysis, and initiative generation ensures nothing is left off the table.
      • Tested and proven rationalization and prioritization methodologies ensure the strategy you generate is not only the one the organization needs, but the one the organization will support.
      Info-Tech Insight:
      • Best of Breed: It’s hard to know which security framework is best. Info-Tech analyzed and integrated frameworks to ensure an exhaustive approach to security.
      • Alignment: Security is still a friction point and viewed as a cost center. Align your security strategy with corporate and IT strategies to ensure support.
      • Communication: To have a strategy implemented, you need to communicate to stakeholders in their language and show their concerns and perspectives were accounted for.
  • 4. Use these icons to help direct you as you navigate this research
      • This icon denotes a slide where a supporting Info-Tech tool or template will help you perform the activity or step associated with the slide. Refer to the supporting tool or template to get the best results and proceed to the next step of the project.
      • This icon denotes a slide with an associated activity. The activity can be performed either as part of your project or with the support of Info-Tech team analysts, who will come onsite to facilitate a workshop for your organization.
      Use these icons to help guide you through each step of the blueprint and direct you to content related to the recommended activities.
  • 5. Info-Tech offers various levels of support to best suit your needs
      • Consulting: “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”
      • Guided Implementation: “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”
      • DIY Toolkit: “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”
      • Workshop: “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”
      Diagnostics and consistent frameworks used throughout all four options
  • 6. Information security project overview
      Phases: Assess Security Requirements; Perform a Gap Analysis; Develop Gap Initiatives; Plan for the Transition
      Best-Practice Toolkit:
      • 1.1 Introduce security management; 1.2 Understand business and IT strategy and plans; 1.3 Define security obligations, scope, and boundaries; 1.4 Define risk tolerance level; 1.5 Assess security risk profile
      • 2.1 Assess current security capabilities and performance; 2.2 Review pen test results; 2.3 Define security target state
      • 3.1 Identify security gaps; 3.2 Build initiatives to bridge the gap; 3.3 Estimate the resources needed; 3.4 Prioritize gap initiatives; 3.5 Determine start time and accountability
      • 4.1 Finalize security roadmap and action plan; 4.2 Build a security charter; 4.3 Build the security program organizational structure; 4.4 Create a change and communication plan; 4.5 Develop a metrics program; 4.6 Develop a security services catalog
      Guided Implementations:
      • Review the scope of the security strategy plans
      • Define the organizational risk tolerance
      • Assess the security risk profile of the business
      • Perform a current state assessment of the security controls
      • Determine the future target state of the security controls
      • Identify existing gaps and create gap initiatives to close the gaps
      • Determine the benefit, cost, and resources needed for each initiative
      • Build a roadmap based on the security initiatives
      • Optimize your strategy
      Onsite Workshop:
      • Module 1: Assess Security Requirements
      • Module 2: Perform a Gap Analysis
      • Module 3: Continue the Gap Analysis
      • Module 4: Plan for the Transition
      Phase 1 Results:
      • Security obligations statement
      • Security scope and boundaries statement
      • Security risk profile
      • Defined risk tolerance level
      Phase 2 Results:
      • Current security capabilities
      • Target future state defined
      Phase 3 Results:
      • Security program gaps identified
      • Gap initiatives defined
      • Estimated effort, budget, and resource readiness assessment
      Phase 4 Results:
      • Security roadmap and action plan
      • Security charter
      • Change and communication plan
      • Metrics program
      • Security services catalog
  • 7. Workshop overview
      Contact your account representative or email Workshops@InfoTech.com for more information.
      Workshop Day 1: Assess security requirements
      • Activities: 1.1 Introduce security management; 1.2 Understand business and IT strategy and plans; 1.3 Define security obligations, scope, and boundaries; 1.4 Define risk tolerance level; 1.5 Assess security pressure posture
      • Deliverables: 1. Security obligations statement; 2. Security scope and boundaries statement; 3. Defined risk tolerance level; 4. Security pressure posture
      Workshop Day 2: Perform a gap analysis
      • Activities: 2.1 Assess current security capabilities and performance; 2.2 Review pen test results; 2.3 Define security target state
      • Deliverables: 1. Security capabilities and performance report; 2. Security future state
      Workshop Day 3: Develop gap initiatives
      • Activities: 3.1 Identify security gaps; 3.2 Build initiatives to bridge the gap; 3.3 Estimate the resources needed; 3.4 Prioritize gap initiatives; 3.5 Determine start time and accountability
      • Deliverables: 1. Future state–current state gap analysis; 2. Initiatives to address the gap; 3. Estimated effort needed; 4. Budget & resource readiness analysis
      Workshop Day 4: Plan for the transition
      • Activities: 4.1 Finalize security roadmap and action plan; 4.2 Create a change and communication plan; 4.3a Build a security charter; 4.3b Build the security program organizational structure; 4.3c Develop a metrics program; 4.3d Develop a security services catalog
      • Deliverables: 1. Security roadmap and action plan; 2. Security charter; 3. Change and communication plan; 4. Metrics program; 5. Security services catalog
      Workshop Day 5: Communicate and implement
      • Activities: 5.1 Finalize deliverables; 5.2 Support communication efforts; 5.3 Identify resources in support of priority initiatives
      • Deliverables: 1. Security strategy and roadmap deck/document; 2. Mapping of Info-Tech resources against individual initiatives
  • 8. Info-Tech’s framework integrates several best practices to create a best-of-breed security framework
      • ISO 27000 Series: Comprehensive standard providing best practices associated with each control
      • PCI-DSS: Provides more detailed instructions than most other best practices but not much breadth
      • SANS Twenty Critical Security Controls: Provides a great list of controls for effective cyber defence
      • NIST SP800 Series: Provides a detailed list of security controls along with many implementation best practices intended for federal information systems and organizations
      • COBIT 5 for Security: More principle and process-based than other best practices
      Diagram labels: COBIT 5; SANS Critical Controls; NIST SP800-53; ISO 27000 series; PCI-DSS; Info-Tech’s Best-of-Breed Information Security Framework
  • 9. Practical component level of Information Security Program Framework Information Security Framework Governance Management Context and Leadership Evaluation and Direction Compliance, Audit and Review Information Security Charter Culture and Awareness Information Security Organizational Structure Security Risk Management Security Strategy and Communication Security Policies Security Compliance Management External Security Audit Management Review of Security Internal Security Audit Prevention Detection Response and Recovery Measurement Identity and Access Management Identity Security Data Security Hardware Asset Management Data Security & Privacy Infrastructure Security Network Security Metrics Program Endpoint Security Malicious Code Application Security Vulnerability Management Cryptography Management Physical Security Configuration and Change Management Vendor Management Security Threat Detection Log and Event Management Security Incident Management Security eDiscovery and Forensics Backup and Recovery Information Security in BCM Continuous Improvement Change and Support HR Security HR Security Cloud Security
  • 10. Domain level of Information Security Program Framework Information Security Framework Governance Management Prevention Detection Response and Recovery Assurance Measurement Metrics Program Continuous Improvement Context and Leadership Evaluation and Direction Compliance, Audit and Review Management Commitment Strategic Alignment Confident or Risk/Compliance Posture Defence in Depth People, Process, Technology Flexibility to Trends Result-Orientated Transparency Continuous Improvement
  • 11. Info-Tech’s Information Security Methodology and Maturity Level Model
      Diagram labels: Context and Leadership; Evaluation and Direction; Compliance and Review; Prevention; Detection; Response and Recovery; Measurement; maturity levels ML: 5, ML: 4, ML: 3, ML: 2, ML: 1
      - Each security area has five possible maturity levels
          • This generates a security maturity matrix and is the basis for the framework.
      - Collectively, these seven areas form Info-Tech’s Information Security Framework
          • These areas were designed by Info-Tech to be process- and management-based areas that can be evaluated independently of each other.
          • Each security component has many sub-components.
      - All seven security areas are evaluated on the five-level maturity model
          • Using Info-Tech scoring methodology, sub-components are evaluated individually, with the aggregate scores generating the component scores.
      - Target scores for each security area are identified
          • The security maturity model is used to identify maturity levels that meet the organization’s security requirements.
          • From the current state maturity levels and target levels, gaps are identified and developed into initiatives to be completed.
      “The best advice I can give is to bring everything together end to end. Don’t limit yourself in any one focused area… If you take an end-to-end approach instead of trying to focus on specific areas and compartmentalize them, you will be 100% more successful.” – Technology Services, USA
      Building a holistic framework ensures that all your bases are covered while preventing duplications of the same functions, resulting in a more efficient program.
  • 12. Navigate the 4 phases of the blueprint using this table of contents and deliverables
      Phase 1: Assess security requirements
          1.1 Introduce Security Management (Template: Information Security Strategy Workbook Template)
          1.2 Understand business and IT strategy plans (Template: Information Security Strategy Workbook Template)
          1.3 Define security obligations, scope, and boundaries (Template: Information Security Strategy Workbook Template)
          1.4 Define risk tolerance level (Template: Information Security Strategy Workbook Template)
          1.5 Assess security risk profile (Tool: Security Pressure Posture Analysis Tool)
      Phase 2: Perform a gap analysis
          2.1 Assess current security capabilities (Tool: Information Security Program Gap Analysis and Roadmap Tool)
          2.2 Review penetration test results (Prerequisite: Penetration Test Results Report)
          2.3 Define security target state (Tool: Information Security Program Gap Analysis and Roadmap Tool)
      Phase 3: Develop gap initiatives
          3.1 Identify security gaps (Tool: Information Security Program Gap Analysis and Roadmap Tool)
          3.2 Build initiatives to bridge the gap (Tool: Information Security Program Gap Analysis and Roadmap Tool)
          3.3 Estimate resources needed (Tool: Information Security Program Gap Analysis and Roadmap Tool)
          3.4 Prioritize gap initiatives (Tool: Information Security Program Gap Analysis and Roadmap Tool)
          3.5 Determine start time and accountability (Tool: Information Security Program Gap Analysis and Roadmap Tool)
      Phase 4: Plan for the transition
          4.1 Finalize the security roadmap and action plan (Tool: Information Security Program Gap Analysis and Roadmap Tool)
          4.2 Build a security charter (Template: Information Security Charter Template)
          4.3 Build the security program organizational structure (Template: Security Governance Organizational Structure Template)
          4.4 Create a change and communication plan (Information Security Communication Plan Template)
          4.5 Develop a metrics program (Tool: Security Metrics Tool)
          4.6 Develop a security services catalog (Template: Security Services Catalog)