A strategic, risk-based approach to information security is the direction almost all businesses are moving in, for good reason. It's also necessary to determine Business Context if your goal is ISO 27001 certification and/or protecting your personal brand in addition to your business.
Vision + Traction, Part 1 (Organizational Context) - First step toward ISO 27001 Certification as well.
Is your Information Security Program vision clearly documented and in line with your business objectives? Do you know the best ways to gain traction for your vision? Is your audience clearly defined? Is your program a risk-based program? Do you have a defensible “story”? Do you want to run your program like a business within the business? Is your personal brand protected so you have a defensible story should you become the scapegoat following a breach?
The Orange Parachute Vision + Traction Exercise will answer these questions and more, and set you on the path to personal success & traction for your Information Security Program vision.
If you’re responsible for information security at your company, you have to be able to tell a great story to a variety of audiences, and that starts with your vision. Your Information Security Program vision may be clear to you, but it may not yet be simple or clear enough for your internal stakeholders and customers to easily share it.
You must have clarity around your organizational context and how your Information Security Program meets the spirit and intent of your internal and external requirements for securing information assets, while also aligning to the vision of the business as a whole.
Many businesses are spending far too much time responding to security questionnaires and audits, or making uninformed decisions on investments in security technology without answering the “W” questions on the strategy side. It’s time to put more energy into your strategy, both for your personal career growth and for the business you currently represent. Investing in the latest and greatest “tool” no longer makes any sense without a sound strategy, great processes, and answering the “W” questions first.
Whether you are a Fortune 500 company with a well-established security program or a business just getting started, we can help.