Target Models are a strategic tool that describes the future state of essential defense capabilities. They answer the question of what exactly needs to be done or in place so that a company is well prepared and can take the necessary steps to combat the challenges of tomorrow.
Making the shift towards proactive security management is one of the key challenges for every organization. The goal is usually twofold: get ahead of attackers, and take determined action to address security shortcomings that are already known.
In either case it is important to think strategically and define exactly which security capabilities your company needs to have built up 12 months from now in relation to where it is today, and possibly on an even longer-term trajectory.
We've created the following service for you.
We support our clients in identifying current security shortcomings and then designing a clear picture of the desired target state.
The Security Defense Grid describes your collective security defense capabilities along the dimensions self-assessment, self-protection, attack detection, response and recovery.
From a Target Model perspective it is important to ensure the Defense Grid is adequate to the threat model and addresses upcoming business requirements.
If you don't have a CISO organization yet, you likely need a target model that outlines its structure and the skills necessary to drive your security program.
If you already have a CISO organization, it may well be structured and staffed appropriately today. Strategically, however, it is important to hire ahead of the curve. What specific skills are required and how your teams work together from an organizational point of view should be reflected in your target model.
Part of the Security Defense Grid is a strong underpinning of Key Security Processes which must be in place. Examples include processes for Secure Software Development, CI/CD, Access Management, Vulnerability Management and Incident Response.
Your Target Models should reflect what processes are required down the road as well as how specifically they should be designed to cater to culture and security.
Responsibility Models are crucial for effective security management. They describe the distribution of security responsibilities between two or more parties. A lack of clearly delineated responsibility typically leads to no one taking action and, hence, to breaches.
Your Responsibility Models should reflect delineated responsibility between your security organization and other internal departments (internal-facing) and between your company and external entities such as customers, hosting providers, service providers and more.