What & Why?
Having an information security roadmap helps organizations to identify the business, IT and compliance elements that must be secured to achieve key objectives and goals, and provides key stakeholders with the ability to plan and prioritize strategic IT security investments pertinent to technology implementations, process enhancements and user awareness initiatives. This roadmap attempts to align information security strategic objectives with business strategies. It also incorporates core information security requirements that must be in place to accomplish major enterprise initiatives efficiently and effectively.
intiGrow's way of formulating an Information Security Roadmap is to ensure a cohesive security design that addresses the requirements, and in particular the risks, of various organizational environments and scenarios, and that specifies which security controls are to be applied where.
intiGrow's approach to a comprehensive security roadmap ensures that an organization-wide view is taken when designing the way forward, as outlined below:
- Conduct a comprehensive assessment of the organization's current security posture, also called the "As – Is".
- Identify current and future threats, both internal and external, and plan and prepare the approach to mitigate them.
- Comprehensively evaluate the current and sunrise technologies being deployed globally to mitigate information security threats, and map them to the business requirements.
- Design a security program for the organization that includes policies, processes & other artifacts to achieve optimum security by mitigating the risks identified above. Strategic inputs for this would be taken from the business plan & strategic goals of the organization, culture and management policies, budgets & ROI and system architecture. This document is referred to as the "To – be".