IT Security Strategy

An existing IT Security group needed a mandate to move forward with some important additions to their portfolio. The Managing Director requested Savant Advisory Inc.'s help with the facilitation.

It's not unusual to find IT Security groups with little in the way of mandate and strategy. They all seem rather tied up with the day-to-day operational activities providing assurance regarding the organizations infrastructure and data. This organization was no exception.The Managing Director asked Savant Advisory Inc. to look at the exiting material surrounding the IT Security group and prepare a Strategy that could be taken to the CIO.

After reviewing the existing documentation, it became clear that this security group was in the same boat as most we had come in contact with. They were performing their function without any clear mandate or defined strategy. First we got to work and drafted an IT Security Charter which provided the structure and authority required for the group to undertake their duties. This was followed by a comprehensive strategy that identified IT Security structural changes, reporting line adjustments and a timeline for the addition of missing skills the group would require moving forward.

Both the Charter and the Strategy were sent to the large research/consulting company that this specific organization utilized for vetting their more strategic moves. The meeting to discuss the approach went very well, with no material changes to either the Charter or the Strategy. When we exited the conference call the Managing Director said, "You could work for them!". It was a satisfying compliment.