What are the key parameters while defining the security strategy which covers Design, Scope, POC, Implementation and final review?

2.6k views, 52 Upvotes, 8 Comments

Training and Assessment Operations in Education, 501 - 1,000 employees
Design thinking in the respective area with ideation. Also, developing comprehensive SOP and key deliverables for the stakeholder involved.
It should start with ideation
Head of ISG in Finance (non-banking), 5,001 - 10,000 employees
As the company moves more and more of its operations onto the cloud over time, the security teams need to update their strategy, architectures, and technologies to keep up. While the magnitude of the changes and the sheer number of them may at first appear to be overwhelming, the modernization of the security program makes it possible for the security team to cast off some of the painful burdens associated with legacy approaches. An organization is able to temporarily function with legacy strategy and tooling, but it is challenging to continue this approach given the rate at which cloud technology and the threat environment are evolving:

If security teams continue to adhere to the outdated mentality of "arms-length" security, in which the initial response to any question about cloud adoption should be "no," there is a good chance that they will be excluded from the decision-making process (instead of working together with IT and business teams to reduce risk while enabling the business).
If security teams only make use of legacy on-premises tools and strictly adhere to the network perimeter-only doctrine for all of their defences and monitoring, then they will have a difficult time detecting and defending against attacks that originate in the cloud.
Lead consultant in Travel and Hospitality, 501 - 1,000 employees
Critical process
IT Manager in Education, 201 - 500 employees
Process is critical
Communications Analyst in Banking, 10,001+ employees
- Identify and assess risks associated with the system
- Define security policies and procedures
- Develop security architecture
- Identify suitable security controls
- Identify compliance requirements

- Define scope of the security strategy
- Define the scope of the security implementation
- Outline scope of the security system

- Test security policies and procedures
- Test security controls
- Verify security architecture
- Test compliance requirements

- Develop implementation plan
- Implement security policies and procedures
- Implement security controls
- Configure security architecture
- Enforce compliance requirements

Final Review:
- Review and evaluate security policies and procedures
- Review and evaluate security controls
- Review and evaluate security architecture
- Review and evaluate compliance requirements
- Conduct a post-implementation review
Cyber security analyst in Energy and Utilities, 5,001 - 10,000 employees

- Identify security goals and objectives
- Determine the best approach for meeting those goals

- Define the specific areas of the organization that the security strategy will cover
- Identify the types of assets, systems, and networks that will be protected

Proof of concept:
- Conduct a demonstration or test of the security strategy
- Identify any potential issues or weaknesses

- Deploy necessary technologies or processes
- Train employees on new security controls

Final review:
- Assess the effectiveness of the security strategy
- Make any necessary adjustments
- Conduct ongoing monitoring and evaluation to ensure the strategy continues to meet the organization's needs
Sales Analyst in IT Services, 10,001+ employees
Absolutely correct
Store Manager in Retail, 10,001+ employees
To define a security strategy, consider conducting a risk assessment, meeting compliance requirements, developing a security design, defining the scope, testing through a POC, implementing the strategy, and conducting a final review.
