Designing security programs is at the core of what we do. Our delivery process is simple and effective:
The first step is to build a contextual frame around the engagement. This entails a breakdown of the business and organization, identification of all stakeholders, drivers & objectives, expected timeframe as well as the work that has already been done.
In order to design and outline the target point, the current defense status must first be understood and examined as a baseline. The objective of the phase is not to dive into maximum depth of every security dimension, but rather to gauge what degree of hygiene maturity is in place and which defense capabilities exist in various critical fields.
The target point for the security program breaks into two distinct scopes: content and time horizon. Content entails a set of multi-layered strategic and operational defense objectives (technological, processual, organizational). Time sets a boundary for when these objectives need to be achieved to adequately support the business.
Based on all previously gathered insights about the business environment, current status quo and targets, an OKR based program roadmap can be developed. The outcome of this process will be a detailed, highly structured and pre-prioritized aggregation of all security objectives relevant for the upcoming period.
Lastly, the developed Security Program will be validated and adjusted through a phase of presentation and discussion with all stakeholders.
We've created the following services for you.
Full OKR based program development in alignment with business objectives.
Review and strategic adjustments of your existing security program.