How to Build a Security Program: Maturity Roadmap (Part 2 of 4)

Want to level up your security program?

Get the playbook: https://risk3sixty.com/whitepaper/sec...
90 Day Checklist & Toolkit: https://risk3sixty.com/whitepaper/90-...
Security Program Maturity Assessment: https://risk3sixty.com/whitepaper/sec...

This is part 2 of 4 in a series for security executives on building a security program. In this installment, we'll explore your security program's maturity roadmap. What steps should you take to ensure your program evolves alongside your growing business? How can you ensure that you're meeting your long-term goals?

Overview
0:00 Intro
3:30 Maturity Roadmap
5:31 Choosing a Framework
9:44 Maturity Assessment
27:24 Building a Budget
39:50 Presenting the Plan
56:00 Q&A

Downloads:

Creating a team RACI diagram
Take inventory of the jobs that must be completed in your security program. Identify whether those jobs currently have owners or whether new individuals need to be assigned. This will also help identify potential program gaps and resource needs. This template provides an organized list of categories and jobs of a typical security team in a RACI format.

Building out your security program's budget
Begin by taking stock of the security program's current spending. This process will help you understand what resources the security program has available, identify potential gaps, and understand the shared budget relationship between Security, Information Technology, and Engineering. This template, taken from best practices such as NIST and SANS, is a great starting point for a security program budget.

Evaluating your security program's current level of maturity
Most CISOs begin their tenure by assessing "where they are" and "where they would like to be." This helps the CISO understand their current program maturity and envision where to take the company. This template will help you perform a program maturity assessment and generate maturity dashboards to present to your team.

Presenting a security program roadmap to your board or executive team
CISOs will be asked to present their strategy to the board and executive team. The presentation should depict the future state and demonstrate alignment with key business objectives. This presentation template will serve as a guide for presenting to your leadership team.

Evaluating your strengths and weaknesses as a security leader
Leverage this guide and quiz to discover your strengths, weaknesses, areas where you need support from your team, and the types of organizations that best fit your security leadership style.

Building a security team operating system that works and positions you and your team for success
This guide provides a 5-part system and examples for creating an operating system for your security team that will position you for success.
