1 / 15

< Team_Name > Information Security Strategy

< Team_Name > Information Security Strategy. Date. Security Strategy Outline. Mission & Vision Security Drivers & Business Case Strategy Components IT Security Ecosystem Current State: IT Ecosystem < Team_Name > Security Services Current State : < Team_Name > Services Initiatives

ellery
Download Presentation

< Team_Name > Information Security Strategy

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. <Team_Name> Information Security Strategy Date

  2. Security Strategy Outline • Mission & Vision • Security Drivers & Business Case • Strategy Components • IT Security Ecosystem • Current State: IT Ecosystem • <Team_Name> Security Services • Current State: <Team_Name> Services • Initiatives • Communication • Metrics • Appendix: Organization Chart

  3. <Team_name> Enable Business success by assessing, communicating, and mitigating risk to an acceptable level through efficient and agile service. Our Mission Our Vision is integrated security throughout the business and IT.

  4. Why Develop a Security Strategy? Communicate our value, set direction, and build support. New Business Drivers Facilitate Risk-Based Decisions to Achieve Business Goals Due Care in a Connected World Deliver Efficient, Accountable Security Services Regulatory Requirements Manage Compliant- Ready Services

  5. Security Strategy Components Our Team accomplishes our mission across four key areas:

  6. IT Security Ecosystem Information Security must be integrated across the diverse and dynamic IT landscape supporting our business. Access is proactively managed across the identity lifecycle Networks are available, monitored, and resilient Applications are developed and managed securely Data is classified, known, & protected throughout its lifecycle A diverse collection of devices configured and managed for security

  7. IT Security Ecosystem: Current State

  8. <Team_Name> Services People, Processes, & Technology managing risk across the IT Ecosystem

  9. Primary Services: Current State Notes: Maturity Column: Use CMMI if your organization is familiar with the model Capacity: colors/desc. for “over staffed” (too many folks, need re-org), under staffed/over capacity (need more heads approved or budget to augment), unable to hire (open heads, slow to be filled) Org. Alignment: process centralized/decentralized is optimal (green), re-org in future (yellow), re-org now (red)

  10. Key Investment Initiatives

  11. Communication Mission success requires stakeholder awareness, support, & participation

  12. Balanced Security Scorecard (Example) • Security Foundation • % Budget Plan to Forecast • % Initiatives On Budget • +/- Employee Sat. Survey • % Headcount Capacity • Strengthen Posture • Security Index +/- to Target • % of post-production bugs as security • % +/- Business impacting incidents • % Devices managed for security • Invest Strategically • % spend on BAU vs. Improvement • # Process Improvements Efforts Delivered • <key business initiative> progress • Enable Business • % of Business Unit Strategies Reviewed Quarterly • % Business Projects Consulted • % SLA’s met or exceeded

  13. Key Service Metrics Business relevant metrics communicate progress and ensure accountability.

  14. Security Strategy Appendix

  15. <Team_Name> Organization

More Related