Business alignment framework for security

In my previous blogs on the role of the CISO, the CISO’s first 100 days, and developing a security strategy and architecture, I described some of the points a security leader should consider when first formulating an approach to supporting an organisation. I wanted to build on this and summarise the key business parameters in a high-level framework that can be used as a guide to learning about the company, so that the security strategy can be tailored accordingly.

This framework can also be used as a due diligence cheat sheet while deciding on or prioritising potential opportunities – feel free to adapt it to your needs.

Customer

  • Who is the customer?
  • What does each customer segment want?
  • Customer concentration and power

Company

  • Vision, mission and values
  • Capabilities and expertise
  • Governance
  • Organisational structure
  • Industry trends
  • Budget / Runway / Finances

Product

  • Nature of product or service (why would someone buy it?)
  • Product or service lifecycle
  • Distribution channels
  • Roadmap (including prioritisation, inputs and outputs)
  • Metrics

People

  • Team size and skills
  • Diversity and inclusion
  • Recruitment and retention
  • Communication
  • Knowledge management

Risks

  • Political
  • Economic
  • Social
  • Technological
  • Legal
  • Environmental

Technical

  • Platform and infrastructure
  • IT and operations
  • Compliance regime
  • Security capabilities
