[Cybersecurity Architecture] Strategic Planning & Roadmap Examples & Tools
Whether an organization is small with a relatively straightforward data environment or a larger entity with a data infrastructure that's far-reaching and complex, it's a good idea to identify and protect against security risks by establishing a security architecture program and the associated processes to implement it. A defined Security Architecture helps guide an enterprise’s investment strategy when it comes to all kinds of security initiatives.
Security Architecture Roadmaps provide a holistic view of a path to delivering on an well defined company business strategy and strategic plan. Roadmaps are strategy tailored, identifying strategy interdependencies between the elements required to deliver on the strategies. Roadmaps build on current state by providing a narrative describing strategic elements, including business goal and objective-aligned business, information, and security initiatives, often supplanted with time-based, layered, and aligned representations.
Cybesecurity Strategic Planning
Cybesecurity Strategic Plan Cycle (around Mission):
- 1. Goals : Where does the oganization want to go?
- 2. Desired Outcomes: How will you get there?
- 3. Strategies: How do you measure success?
- 4. Measured Targets: How did we do?
- 5. Results : How can we improve?
Cybesecurity Strategic Plan Example:
Cybersecurity Planning:
- Strategic three year cycle and plan is made up of 3 tactical plans
- Tactical plans run one-year cycle
- Review of strategic plans begins 3 months before the current plan exires
- Management monitoring occurs quarterly
Cybersecurity Operations
 |
| NIST : Five Functions |
Identify ->Protect (Establish Enterprise Cybersecurity Management System)
Governance, Risk Management, Asset Management, Security Information & Event Management, Information Protection Practices, Vulnerability Management
->Detect (Identify, Investigate, Triage, Notify)
Continual Monitoring 24/365
->Respond (Observer-Orientate-Decide-Act, Notify, Contain, Preserve Evidence, Eradicate, Failover if required)
Playbook Activation, 15-minute acceptance, 2-hour resolution
->Recovery (Operations returned to normal)
Return to steady state, 2-hours
Return to regular operations
Post Incident review for conitunal improvement (Quality Management Feedback loop)
Project Chart
Project Definition
- Project objectives
- Project benefits
- Project strategy
- Cirtical success factors
Project Deliverables:
- Deliverables
- Key Interim Deliverables
- Quick wins
- Project Scope
Parameters:
- Milestone
- Type of resource
- Skill set
- Effort
- Duration
- Target date
- Known constraints
- Beginning assumptions
- Risk assessment
Project Organizational Impacts
- Project Team
- Issue resolution team
- Departments impacted by the project
- Potential project priority
- User/Client responsibilities
SignOff
Roadmap
Resource Plan
Cybersecurity Budgets
1. Operations: Typically, 8%-15% of IT budget is used for Cybersecurity
2. Capital / Improvement Projects: Resource plan, acquisitions, purchases
Security Architecture Roadmap Examples
1 Cybersecurity roadmap : Global healthcare security architecture
2 Microsoft Cybersecurity Reference Architecture
The Microsoft Cybersecurity Reference Architecture describes Microsoft’s cybersecurity capabilities and how they integrate with existing security architectures and capabilities. We recently updated this diagram and wanted to share a little bit about the changes and the document itself to help you better utilize it.
3 Another example
Lucidchart Object might not work anymore. You can find the image below.
Lucidchart Object might not work anymore. You can find the image below.
Cyber Security Roadmap with Timeline
Tools
- IT Business Edge - Security Architecture Roadmap Tool
URL: https://www.itbusinessedge.com/itdownloads/security-architecture-roadmap-tool/90815
Download Link
References
- https://www.youtube.com/watch?v=4GTd5XFr2Rs - Cybersecurity annual planning and budgeting
共有 0 条评论