Security and risk management (SRM) leaders are often overwhelmed by the expectations of myriad stakeholders. A set of fundamental security services and supporting processes is essential to enable SRM leaders to prioritize and meet the demands of stakeholders.

Recommendations

Security and risk management leaders overseeing an information security management program must:

  • Ensure that the expectations of stakeholders are balanced against each other by implementing the appropriate governance.

  • Define, document and deliver the set of core security services that every security program is expected to provide, so that the program meets the minimum standard of due care its stakeholders expect.

  • Keep pace with changes by embedding security in processes responsible for implementing change within the organization.

  • Demonstrate a plan for ongoing improvement of the security program and reduction of risk, using effective risk management and Gartner’s IT Score assessment.