Case Study: Security Vision and Strategy Development
Situation A web applications company needed to articulate its
security vision and develop a security strategy for consideration by
its executive leadership. The company had very little in place and
historically had had no centralized security function. Bellwether was
engaged to identify corporate priorities, develop a single, cohesive
strategy and identify the resources necessary to implement it. The
company wanted the gaps, program costs and associated benefits laid out
to facilitate a data-based decision-making process.
Approach Bellwether
reviewed security planning documents available and conducted structured
interviews with key outside service providers, internal security staff,
real estate representatives and IT Security personnel. Based on a
preliminary threat profile, the major security gaps were identified and
matched to appropriate risk mitigation programs. These programs were
prioritized and core milestones defined and laid out on a 3-year
timeline. The resources required for each initiative were then
identified by year, phase and priority. Analysis & Results The
analysis indicated that there were considerable gaps to fill and that
the initial budgetary resources set aside would be inadequate to
undertake the security strategy envisioned. The prioritization of
initiatives allowed implementation of certain core programs to get
underway while the lower priority initiatives could be deferred for a
period of time so that their associated benefits to the corporation
could
be further evaluated and reconsidered. The documentation of
alternatives and their rationale for inclusion was packaged into a
short executive presentation focused on the key drivers and their
outcomes. Benefits to Client Our client
was able to present a well articulated security strategy, with detailed
support, to its Executive Leadership team. The case for investment was
accepted and the high-priority programs implemented. Many of the key
gaps were filled and the company’s security posture
considerably enhanced. Overall, the security posture of the company was
placed as a higher priority for executive consideration than it had
been prior to our engagement and the contribution provided by the
security function more widely appreciated. |
Case Studies
- Cost-Benefit Analysis
- Governance Model
- Security Integration
- US Site Security
- Physical Security Benchmarking
- Security Vision and Strategy
- High-Profile Landmark Building
- Risk Based Resource Allocation
- Threat Analysis
- Disaster & Terrorism Preparedness
- Pandemic Preparedness