Continuing where we left in the previous article, in this article, we discuss the last four activities involved in the IDENTIFY phase, that is organizational boundaries, security frameworks, how to assess the current state of the previous security programs, and finally, how to assess the maturity of the security systems that are already in place.

In this article, you will learn about profile canvas templates and how to integrate them into a workshop setting. Developing hypothetical stakeholder profiles before the workshop can help you figure out the direction the interviews should take. Customer profile canvas lets you learn more about the expectations of the business from the Cybersecurity strategy.

This is the first of a new multipart educational series: Developing Information Security Strategy.

Organizations sometimes build walled gardens to secure information — a heavily armed ecosystem that does not interact freely with the outside world to support ideas that can push the company forward.

We have used Design Thinking process to radically rethink the way we design and implement InfoSec Strategy in the organizations.

This is not yet another framework such as COBIT to implement your InfoSec strategy. Instead, this is a method to design your InfoSec strategy that benefits your organization and receive support from your peers.

In this series, we will explore a range of topics that are necessary to create an optimal strategy, including:

• How to incorporate security operations into your strategy

• Information classification

• How to integrate SIEM, SOAR and SDAR

• When to outsource some or all of of your InfoSec strategy