Creating a Dynamic and Actionable Information Security Plan

Participants in this roundtable came from a variety of backgrounds, including health care, financial services, education, and more. Everyone started their security plan with the same basic framework, but because every organization is unique, each plan has to evolve and change to match the organization it protects. Whether you’ve inherited a security program or built it yourself, changes still have to be made alongside the business. Do you have the right reporting structure? Are you reporting to the right figure in your company leadership? Are you reaching out to the right members of your company to ensure your plan works across the entire company, not just in your own security home base?

Another issue brought up at this table was compliance. Many plans start out with a focus on compliance, but as the business changes and as compliance regulations are updated (GDPR, etc.), the plan has to adapt in order to fit both.

Furthermore, it is important to realize that a dynamic, actionable security plan is not solely an expenditure; it is a value-add to the business, and showcasing that positive aspect to your board, leadership, and employees can help further implement it across the organization. All in all, the main point is that your plan is going to change, and your reporting relationship to your board is going to change, but you have to keep that plan dynamic, adaptable, and active to ensure it thrives and your organization remains secure.