
Creating a Dynamic and Actionable Information Security Plan

Keeping your security plan current rather than static is a key first step in creating a dynamic and actionable information security plan. Gary Sprague and his roundtable participants emphasized that security leaders need to stay involved with their various business groups and classify enterprise data. This way, security executives remain clear on business goals, business risks, and what information needs to be protected. A good plan will also be cost-effective, especially if migrated to the cloud, and achievable, making good use of analytics so security teams know how well they are doing. Security leaders should communicate goals often and strive to give their teams some short-term wins to keep them positive and motivated. If you work with third parties, you should also check on their security posture, especially since it can directly affect your own. For both internal and external parties, security leaders can also create checkpoints to monitor where everyone is in executing the security plan, how aware they are of the process, and what is left to do. Security leaders should also take care to communicate clearly in their messages to employees, so both parties understand what the end goal is. Try to make it personal by showing employees how the plan will help them stay safe online in their personal lives.