Security function review

When determining the level of maturity of a security function, I focus on the following areas and try to answer these questions:

Business alignment

  • Is security strategy aligned with business strategy (including vision and mission)?
  • Is it documented and communicated?
  • Is it supported by the leadership?
  • Is there a guiding policy in place to achieve set objectives?

Governance

  • Have accountable individuals been identified?
  • Have risk management practices been established?
  • Have audit and assurance practices been established?

Operating model

  • Have performance measurement practices been established (including KPI definition)?
  • Have global and regional interfaces been defined?
  • Has team structure and funding been agreed?
Advertisements