Business alignment framework for security

In my previous blogs on the role of the CISO, CISO’s first 100 days and developing security strategy and architecture, I described some of the points a security leader should consider initially while formulating an approach to supporting an organisation. I wanted to build on this and summarise some of the business parameters in a high-level framework that can be used as a guide to learn about the company in order to tailor a security strategy accordingly.

This framework can also be used as a due diligence cheat sheet while deciding on or prioritising potential opportunities – feel free to adapt it to your needs.


  • Who is the customer?
  • What does each customer segment want?
  • Customer concentration and power


  • Vision, mission and values
  • Capabilities and expertise
  • Governance
  • Organisational structure
  • Industry trends
  • Budget / Runway / Finances


  • Nature of product or service (why would someone buy it?)
  • Product or service lifecycle
  • Distribution channels
  • Roadmap (including prioritisation, inputs and outputs)
  • Metrics


  • Team size and skills
  • Diversity and inclusion
  • Recruitment and retention
  • Communication
  • Knowledge management


  • Political
  • Economic
  • Social
  • Technological
  • Legal
  • Environmental


  • Platform and infrastructure
  • IT and operations
  • Compliance regime
  • Security capabilities


Leave a Comment

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s