Security Strategy

Strategy should start with a strong understanding of your environment.

Excellent security solutions are defined and designed by the business deploying them, not by technology feature sets. IT security is never about a snapshot of an environment, nor should it be about reactively “blocking and tackling” the latest threats in the news. Businesses make money and provide services by running technology in secure and unique ways. The IT solutions a business deploys enable these revenue and service lines. Security solutions and architectures need to protect the company according to these models, which are defined by the business.

  • Do you need to protect the environment?
  • Do you have sufficient understanding of the risk to the data or the environment?
  • Is the control to protect the data consistent with the data itself? (You don’t want to implement a control that costs 100 thousand dollars to protect against a five-thousand-dollar risk.)
  • Do you have a strong decision-making team (RACI, Governance, Risk and Compliance, Audit, etc.)?

Do you have a good awareness and education strategy? (Security is an inhibitor, and if you create a control that isn’t well understood, it can be misused or bypassed altogether.)