Get Instant Access
to This Blueprint

Security icon

Build an Information Security Strategy

Align the information security strategy to organizational goals and risks to create value.

  • The rate of technological change is accelerating. Organizations continue to invest in technology to run the business, layering more systems to support remote work, enhance customer experience, and generate value.
  • Meanwhile, security threats are growing. Disruptive cyberattacks are more prevalent, sophisticated, and impactful than ever, targeting organizations of all industries and sizes.
  • Security leaders need to adopt a proactive approach to secure the organization now and prioritize funding to high-risk areas.

Our Advice

Critical Insight

  • Technological change is increasing both the protect surface and the variety of tools available to secure it.
  • Security frameworks are helpful, but they don’t describe how to gather business requirements, identify organizational risks, or set an appropriate target state for the program, or which controls to select to conduct an accurate gap analysis for the security program.
  • The better security leaders can balance a budget that funds cyber resiliency and drives revenue, the more likely they are to progress in their career.

Impact and Result

Build a business-aligned, risk-aware, holistic security strategy:

  • Gather business requirements to prioritize improvements.
  • Assess risks, stakeholder expectations, and risk appetite to set meaningful targets.
  • Do a comprehensive gap analysis to identify improvements.
  • Build a flexible roadmap to set the program on the right footing.

Build an Information Security Strategy Research & Tools

1. Build an Information Security Strategy Storyboard – A step-by-step document that helps you build a holistic, risk-based, and business-aligned information security strategy.

Your security strategy should not follow frameworks blindly. Instead, it should align with your business context and build on a solid risk assessment and a comprehensive gap analysis. Use this storyboard to build or update a business-aligned, risk-aware, and holistic security strategy that prioritizes program initiatives for the next three years.

Build an Information Security Strategy – Phases 1-4

2. Information Security Requirements Gathering Tool – A tool to gather business requirements you can use to prioritize security initiatives.

Use this tool to identify the organizational goals and compliance obligations that shape your security strategy and define its scope. Your work will inform the prioritization of security initiatives following the gap analysis.

Information Security Requirements Gathering Tool

3. Information Security Program Gap Analysis Tool – A tool to identify improvement initiatives that address your most significant control gaps.

Use this tool to conduct a comprehensive assessment of the current state of your program and identify improvement initiatives that address your most significant control gaps. Your work will draw on the business requirements and security pressures you identified in previous steps to build a three-year roadmap for your security program.

Information Security Pressure Analysis Tool

4. Information Security Program Gap Analysis Tool – A structured tool to systematically understand your current security state.

Effective security planning should not be one size fits all – it must consider business alignment, security benefit, and resource cost. To enable an effective security program, all areas of security need to be evaluated closely to determine where the organization sits currently and where it needs to go in the future.

Information Security Program Gap Analysis Tool

5. Information Security Strategy Communication Deck – A presentation template you can tailor to different audience to communicate your security strategy.

Use this deck to present the results of the security strategy to stakeholders and show how the security program will improve over time. The communication deck draws on the outputs of the business requirement, security pressure, and gap analysis tool to build a presentation template you can customized for different audiences.

Information Security Strategy Communication Deck

6. Information Security Charter – A charter template you can adapt to document the scope and purpose of your security program.

Use this template to define the scope and purpose of your security program. The charter will set clear objectives for the security steering committee and identify responsibilities for security governance initiatives.

Information Security Charter

Member Testimonials

After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve. See our top member experiences for this blueprint and what our clients have to say.

9.6/10

Overall Impact

$45,090

Average $ Saved

32

Average Days Saved

Client

Experience

Impact

$ Saved

Days Saved

Carver County, MN

Guided Implementation

10/10

$12,999

10

Our analyst was great to work with and very knowledgeable.

Capital Regional District

Guided Implementation

10/10

$50,000

50

Jon and Manoj were the best part - They were so good at listening to my specific needs and concerns and explaining how to approach resolving them. ... Read More

Westoba Credit Union Limited

Guided Implementation

10/10

$10,000

14

Matches well with our current initiatives and helps build the business case for doing certain work and requesting additional resources.

County of Chesterfield, Virginia

Guided Implementation

10/10

$30,549

20

Efficient use of time with targeted focus on right tools and approach based on our current state.

CICSA CO OP Credit Union

Guided Implementation

10/10

$64,999

50

For me this is easily a $50k value add. EY, PWC etc. will charge $25k for a Cybersecurity Strategy and it will only entail a fraction of what Jo... Read More

City of Winter Park

Guided Implementation

10/10

$12,999

5

SaskEnergy

Workshop

10/10

$50,000

10

Sumit is a great facilitator. Best part was producing a much needed output in a prescribed period of time. Would have taken us much much longer i... Read More

California Department of Corrections & Rehabilitation

Guided Implementation

9/10

N/A

N/A

Erik is an experienced and well-informed expert. His experience provide value when it comes to developing successful strategies for our organiztio... Read More

City of Palm Beach Gardens

Guided Implementation

10/10

$12,999

100

Blandin Foundation

Guided Implementation

10/10

$12,999

20

Oregon Public Utility Commission

Guided Implementation

10/10

N/A

1

Advisors Excel, LLC

Workshop

10/10

$64,999

10

Michel Hebert was a great instructor and really made the workshop a great experience for me and my team. His approach and attitude towards everyon... Read More

Defence Construction Canada

Workshop

9/10

$50,000

20

Best: The analyst was really knowledgeable and facilitated the conversations during the entire process effectively. The exercise is very well stru... Read More

Municipality of Chatham-Kent

Guided Implementation

9/10

N/A

20

Tools were very helpful and Bobs guidance was spot on and very impactful. The tools were very sensitive to changes made to them which required a l... Read More

Sponsors For Educational Opportunity

Workshop

9/10

$38,999

32

It was detailed, valuable and the team was great. Definitely feel like we are in a better place and on a path. No worst parts.

East Bay Municipal Utility District

Guided Implementation

8/10

N/A

N/A

Helpful conversations with Bob as usual.

New Mexico Department Of Transportation

Workshop

10/10

$32,499

120

The InfoTech team was very knowledgeable about each domain. They supplied great advice to help develop the security strategy. The scheduling and ... Read More

Georgia Department of Banking and Finance

Guided Implementation

10/10

N/A

2

Cross Country Mortgage, Inc.

Guided Implementation

10/10

$64,999

20

American Integrity Insurance Company

Guided Implementation

10/10

$32,499

10

No worst parts. Eric was very good at pointing out a strong starting position and had a very practical approach at developing Security Policy wh... Read More

Board of Education of School Dist No. 61 (Greater Victoria)

Guided Implementation

10/10

$25,000

10

Petar is a fantastic resource. His expertise is coupled with patience and an ability to guid according to our organizational needs. We have not bee... Read More

HSS Enterprises Ltd c/o IKO

Guided Implementation

10/10

$10,000

20

It was all great. Fritz is a treasure trove. Enjoyed working with him and gain insights from his experience.

South Carolina Department of Employment and Workforce

Guided Implementation

10/10

N/A

4

I appreciate Jon's flexibility in our meeting. He was able to assess the current need for our conversation and pivot toward the gap analysis tool t... Read More

American National Insurance Company Inc

Workshop

10/10

$12,999

10

The facilitator (Sumit Chowdhury) was excellent at keeping the group focused and consistent in our appraisals of our activities throughout the enga... Read More

St. Mary's University

Guided Implementation

10/10

$32,499

120

Other than Michel's and the other Info-Tech folks experience and value, hard to estimate time and effort saved other than it was considerable.

Worldnet International

Guided Implementation

10/10

$129K

50

IHC New Zealand Incorporated

Guided Implementation

9/10

$28,599

9

The consultant (Robert) was well informed and had a very positive communication style. He was well supported by Sidhu and there were no negatives t... Read More

PrizePicks

Guided Implementation

10/10

$32,499

5

Hendra was an absolute delight to work with. He was pleasant, focused, knowledgeable, and basically impossible to fluster with my endless delays o... Read More

County of Nevada

Guided Implementation

9/10

N/A

5

Victor is a pleasure to work with. He is knowledgeable on the subject and takes the time to explain each step.

City of O'Fallon

Guided Implementation

10/10

N/A

120

We were steered towards targeted ways of improving our security rather than trying to identify them on our own.

Load More Testimonials

Security Strategy

Tailor best practices to effectively manage information security.
This course makes up part of the Security & Risk Certificate.

Now Playing:
Academy: Security Strategy | Introduction

An active membership is required to access Info-Tech Academy
  • Course Modules: 5
  • Estimated Completion Time: 1 hour
  • Featured Analysts:
  • Michel Hébert, Principal Research Director

Workshop: Build an Information Security Strategy

Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

Module 1: Assess Business Requirements

The Purpose

  • Assess business requirements.

Key Benefits Achieved

  • Identify security program alignment criteria.

Activities

Outputs

1.1

Understand business and IT strategy and plans.

  • Goals cascade for the security program
1.2

Define business and compliance requirements.

  • Goals cascade for the security program
1.3

Establish the security program scope.

  • Security scope and boundaries statement
1.4

Analyze the organization’s risks and stakeholder pressures.

  • Risk assessment and pressure analysis
1.5

Assess organizational risk appetite.

  • Organizational risk appetite

Module 2: Perform a Gap Analysis

The Purpose

  • Perform a gap analysis.

Key Benefits Achieved

  • Define the program's target state.
  • Assess the organization's current state.

Activities

Outputs

2.1

Define program target state.

  • Information security target state
2.2

Assess current security capabilities.

  • Security current-state assessment
2.3

Identify security gaps.

  • Initiatives to address gaps
2.4

Build initiatives to bridge the gaps.

  • Initiatives to address gaps

Module 3: Complete the Gap Analysis

The Purpose

  • Complete the gap analysis.

Key Benefits Achieved

  • Security program improvement tasks and initiatives

Activities

Outputs

3.1

Continue assessing security capabilities.

  • Completed current-state assessment
3.2

Identify security gaps.

  • Completed current-state assessment
3.3

Build task list.

  • Task list to address gaps
3.4

Build initiatives list.

  • Initiatives list to address gaps.

Module 4: Develop the Roadmap

The Purpose

  • Develop the roadmap.

Key Benefits Achieved

  • Security program roadmap
  • Communication resources

Activities

Outputs

4.1

Conduct cost-benefit analysis.

  • Information security roadmap
4.2

Prioritize initiatives.

  • Information security roadmap
4.3

Discuss resourcing and accountability.

  • Information security roadmap
4.4

Finalize security roadmap.

  • Information security roadmap
4.5

Create communication plan.

  • Draft communication deck

Module 5: Communicate and Implement

The Purpose

Finalize deliverables.

Key Benefits Achieved

Consolidate documentation into a finalized deliverable that can be used to present to executives and decision makers to achieve buy-in for the project.

Activities

Outputs

5.1

Support communication efforts.

  • Security strategy roadmap documentation
5.2

Identify resources in support of priority initiatives.

  • Detailed cost and effort estimates
  • Mapping of Info-Tech resources against individual initiatives
Unlock This Blueprint

Build an Information Security Strategy

Build an Information Security Strategy

Align the information security strategy to organizational goals and risks to create value.

EXECUTIVE BRIEF

Analyst Perspective

Align initiatives to the goals of your organization and the risks it faces.

Kate Wood

The rapid pace of technological change is a call to action to information security leaders.

Too often, security leaders find their programs stuck in reactive mode, as years of mounting security technical debt take their toll on the organization. Shifting from a reactive to proactive approach has never been more urgent, yet it remains a daunting task.

As we make security plans, we need to do more than blindly follow best practice frameworks. Only a proactive information security strategy, one that is holistic, risk-aware, and aligned to business needs, can help us navigate the changes ahead.

Kate Wood
Practice Lead, Security & Privacy
Info-Tech Research Group

Executive Summary

Your Challenge

Common Obstacles

Info-Tech’s Approach

  • The rate of technological change is accelerating. Organizations continue to invest in technology to run the business, layering more systems to support remote work, enhance customer experience, and generate value.
  • Meanwhile, security threats are growing. Disruptive cyberattacks are more prevalent, sophisticated, and impactful than ever, targeting organizations of all industries and sizes.
  • Security leaders need to adopt a proactive approach to secure the organization now and prioritize funding to high-risk areas.
  • Technological change is increasing both the protect surface and the variety of tools available to secure it.
  • Security frameworks are helpful, but they don’t describe how to gather business requirements, identify organizational risks, or set an appropriate target state for the program, or which controls to select to conduct an accurate gap analysis for the security program.
  • The better security leaders can balance a budget that funds cyber-resiliency and drives revenue, the more likely they are to progress in their career.

Build a business-aligned, risk-aware, holistic security strategy:

  • Gather business requirements to prioritize improvements.
  • Assess risks, stakeholder expectations, and risk appetite to set meaningful targets.
  • Conduct a comprehensive gap analysis to identify improvements.
  • Build a flexible roadmap to set the program on the right footing.

Info-Tech Insight

The most successful information security strategies are:

  • Holistic. They consider the full spectrum of information security including people, processes, and technologies.
  • Risk-Aware. They understand that security decisions should be made based on the security risks facing their organization, not just on best practice.
  • Business-Aligned. They demonstrate an understanding of the goals and strategies of the organization, and how the security program can support the business.

Your challenge

The stakes for information security programs have never been greater.

  • The rate of technological change is accelerating. Organizations continue to invest in technology to run the business, layering more systems to support remote work, enhance customer experience, and generate value.
  • Meanwhile, security threats are growing. Disruptive cyberattacks are more prevalent, sophisticated, and impactful than ever, targeting organizations of all industries and sizes.
  • Information security incidents were ranked as the most important business risk worldwide for the second year in a row according to the Allianz Risk Barometer 2023.
  • According to Cybersecurity Ventures, the cost of cybercrimes worldwide will grow by 15% year over year for the next five years, reaching US$10.5 trillion annually by 2025, up from US$3 trillion in 2015.
  • Security leaders need to adopt a proactive approach to secure the organization now and prioritize funding to high-risk areas.

Your challenge

The average cost of security incidents is reaching an all-time high.

83% percent of organizations that have had more than one breach in 2022.

US$4.45 million Average cost of a data breach in 2023.

US$5.13 million Average cost of a ransomware attack, not including the cost of the ransom.

Source: IBM, 2022, 2023.

Your challenge

Common attacks persist, which suggests that most are still not getting security fundamentals right.

66% Organizations hit by ransomware in 2021 and 2022.1

35% Organizations who conducted phishing simulations in 2022.2

84% Organizations who experienced phishing attacks with direct financial loss in 2022.2

Sources: 1 Sophos, 2022, 2023;
2 Ponemon, 2023.

Common obstacles

Reactive security strategies can’t keep up.

The image contains a screenshot of the common obstacles of reactive security.

Info-Tech’s approach

Build a proactive security strategy.

The image contains a screenshot of Info-Tech's approach to build a proactive security strategy.

Use a best-of-breed model based on leading frameworks

The image contains a screenshot of a best-of-breed model based on leading frameworks.
The image contains a screenshot of the Thought Model Build and Information Security Strategy.

Info-Tech’s methodology for building an information security strategy

1. Assess Business Requirements

2. Conduct a Gap Analysis

3. Build a Roadmap of Prioritized Initiatives

4. Execute and Maintain the Strategy

Phase Steps

1.1 Define goals & scope

1.2 Assess risks

1.3 Determine pressures

1.4 Determine risk appetite

1.5 Establish target state

2.1 Review security framework

2.2 Assess your current state

2.3 Identify gap closure actions

3.1 Define tasks & initiatives

3.2 Perform cost-benefit analysis

3.3 Prioritize initiatives

3.4 Build roadmap

4.1 Build communication deck

4.2 Develop a security charter

4.3 Execute on your roadmap

Phase Outcomes

  • Goals cascade, scope, and boundaries for the security program
  • Defined risk appetite level, risk assessment, and pressure analysis
  • Information security target state
  • Security current state assessment
  • Gap closure initiatives
  • Information security roadmap
  • Security strategy communication plan
  • Security charter

Tools

Information Security Requirements Gathering Tool; Information Security Pressure Analysis Tool

Information Security Program Gap Analysis Tool

Information Security Program Gap Analysis Tool

Information Security Strategy Communication Deck

Insight summary

Your security strategy is a business strategy first.
A well-defined information security strategy is holistic, risk aware, and business-aligned.

Assess business requirements
Protecting the organization means taking on enough risk to enable the organization to meet its objectives.

Seek agreement on the program target state
Higher target states require more investment. Ensure stakeholders agree on the maturity of the program you need from the start to ensure continued support.

Prioritize initiatives and roadmap
Express the benefit of security initiatives in terms of their impact on what matters – the key strategic goals that drive decision making at your organization.

Execute and maintain strategy
Reinforce the concept that a security strategy is an effort to enable the organization to achieve its core mission within its risk appetite.

Blueprint deliverables

Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

Information Security Requirements Gathering Tool
Define the business, customer, and compliance alignment for your security program.

Information Security Pressure Analysis Tool
Determine your organization’s security pressures and ability to tolerate risk.

Information Security Program Gap Analysis Tool
Use our best-of-breed security framework to perform a gap analysis between your current and target states.

Information Security Charter
Ensure the development and management of your security policies meet the broader program vision.

Key deliverable:

Information Security Strategy Communication Deck
Present your findings in a prepopulated document that can summarizes all key findings of the blueprint.

The image contains a screenshot of the Information Security Strategy Communication Deck.

This blueprint is ideal for program updates

1. Program Update

“I am happy with the fundamentals of my security program. I need to assess and improve our security posture.”

Use this blueprint to:

  1. Gather business requirements to align security initiatives based on organizational goals.
  2. Assess security pressures to set a meaningful target state for the program.
  3. Conduct a gap analysis to identify targeted improvements.
  4. Build a security roadmap of prioritized initiatives to set the program on the right footing.

This project is part of a broader program to improve your information security posture.

1. Lay Program Foundations
Set the stage for your security program properly. Focus first on how the program will support the creation of business value.

2. Define Security Governance
Establish the framework to evaluate, direct, and monitor security controls. Create a charter to support the security program.

3. Build Security Strategy
Build a strategy aligned with business goals and organizational risks. Create a strategy roadmap.

4. Build Security Catalog
Create a reference point for stakeholders to understand the security measures in place and how they work.

5. Define Security Architecture
Provide a roadmap for designing and implementing security controls.

6. Design Security Services
Define the content of the security services you will provide.

7. Operate, Measure, and Improve
Devise a suite of metrics to evaluate and improve the effectiveness of the security program.

2. Program Renewal

“I am worried the security program is getting stale. I need to understand what makes my organization unique to prioritize core security capabilities.”

Complete the first two phases of Design and Implement a Business-Aligned Security Program.

We will learn how to use the output from the security program design tool to inform your security strategy in Phase 2 of this project.

Info-Tech’s approach will accelerate your progress

Estimates reflect advisory and workshop client experiences.

With Blueprint

Without Blueprint

Phase 1: Assess Business Requirements

1 to 5 people

0.5 to 2 days

1-2 weeks

Phase 2: Conduct a Gap Analysis

1 to 5 people

2 to 3 days

4-8 weeks

Phase 3: Build a Roadmap of Prioritized Initiatives

1 to 2 people

1 day

1-2 weeks

Phase 4: Execute & Maintain the Strategy

1 to 5 people

1-2 days

1-2 weeks

Time Saved: 7-14 weeks

Benefits are iterative
Over time, experience incremental value from your initial security strategy. Through continual updates your strategy will evolve, but with less associated effort, time, and costs.

Run Info-Tech diagnostics to measure the success of your strategy

The image contains screenshots of the Governance & Management Maturity Scorecard.

Audience: Security Manager

Governance & Management Maturity Scorecard

Understand the maturity of your security program across eight domains.


The image contains a screenshot of the Security Business Satisfaction and Alignment Report.

Audience: Business Leaders

Security Business Satisfaction and Alignment Report

Assess the organization’s satisfaction with the security program.

  • Info-Tech diagnostics are standardized surveys that accelerate the process of gathering and analyzing pain point data.
  • Diagnostics also produce historical and industry trends against which to benchmark your organization.
  • Reach out to your account manager or follow the links to deploy some or all these diagnostics to validate your assumptions. Diagnostics are included in your membership.

Info-Tech offers various levels of support to best suit your needs

DIY Toolkit

Guided Implementation

Workshop

Consulting
“Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.” “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.” We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.” “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

Diagnostics and consistent frameworks used throughout all four options

Guided Implementation

What does a typical Guided Implementation on this topic look like?

Assess Business Requirements

Conduct a Gap Analysis

Prioritize Initiatives and Roadmap

Execute and Maintain the Strategy

Call #1: Introduce project and complete business requirements gathering.

Call #2: Introduce pressure analysis.

Call #3: Introduce the maturity assessment.

Call #4: Perform gap analysis and translate into initiatives.

Call #5: Consolidate related gap initiatives and define cost, effort, alignment, and security benefits.

Call #6: Review cost-benefit analysis and build an effort map.

Call #7: Build implementation waves and introduce Gantt chart.

Call #8: Review Gantt chart and ensure budget/buy-in support.

Call #9: Three-month check-in: Execute and maintain the strategy.

A Guided Implementation is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

A typical Guided Implementation takes place in 2 to 12 calls scheduled over the course of 4 to 6 months.

Workshop Overview

Contact your account representative for more information.
workshops@infotech.com 1-888-670-8889

Day 1 Day 2 Day 3 Day 4 Day 5

Assess Business Requirements

Perform a Gap Analysis

Complete the Gap Analysis

Develop Roadmap

Communicate and Implement

Activities

1.1 Understand business and IT strategy and plans

1.2 Define business and compliance requirements

1.3 Establish the security program scope

1.4 Analyze the organization’s risks and stakeholder pressures

1.5 Assess organizational risk appetite

2.1 Define the information security target state

2.2 Assess current security capabilities

2.3 Identify security gaps

2.4 Build initiatives to bridge the gaps

3.1 Continue assessing current security capabilities

3.2 Identify security gaps

3.3 Build initiatives to bridge the maturity gaps

3.4 Identify initiative list and task list

3.5 Define criteria to be used to prioritize initiatives

4.1 Conduct cost-benefit analysis on initiatives

4.2 Prioritize gap initiatives based on cost, time, and alignment with the business

4.3 Build effort map

4.4 Determine start times and accountability

4.5 Finalize security roadmap and action plan

4.6 Create communication plan

5.1 Finalize deliverables

5.2 Support communication efforts

5.3 Identify resources in support of priority initiatives

Deliverables

  1. Goals cascade for the security program
  2. Security scope and boundaries statement
  3. Risk assessment and pressure analysis
  4. Organizational risk appetite
  1. Information security target state
  2. Security current state assessment
  3. Initiatives to address gaps
  1. Completed security current state assessment
  2. Task list to address gaps
  3. Initiative list to address gaps
  4. Prioritization criteria
  1. Information security roadmap
  2. Draft communication deck
  1. Security strategy roadmap documentation
  2. Detailed cost and effort estimates
  3. Mapping of Info-Tech resources against individual initiatives

Executive Brief Case Study

INDUSTRY: Financial Services

SOURCE: Info-Tech Research Group

Credit Service Company

Founded over 100 years ago, Credit Service Company (CSC)* services over 50,000 US clients in 40 branches across four states.

Situation
Increased regulations, changes in technology, and a growing number of public security incidents had caught the attention of the organization’s leadership. Despite awareness, an IT and security strategy had not been previously created. Management was determined to create a direction for the security team that aligned with their core mission of providing exceptional service and expertise.

Solution
During the workshop, the IT team and Info-Tech analysts worked together to understand the organization’s ideal state in various areas of information security. Having a concise understanding of requirements was a stepping stone to beginning to develop CSC’s prioritized strategy.

Results
Over the course of the week, the team created a document that concisely prioritized upcoming projects and associated costs and benefits. On the final day of the workshop, the team effectively presented the value of the newly developed security strategy to senior management and received buy-in for the upcoming project.

*Some details have been changed for client privacy.
Build an Information Security Strategy visualization

Align the information security strategy to organizational goals and risks to create value.

About Info-Tech

Info-Tech Research Group is the world’s fastest-growing information technology research and advisory company, proudly serving over 30,000 IT professionals.

We produce unbiased and highly relevant research to help CIOs and IT leaders make strategic, timely, and well-informed decisions. We partner closely with IT teams to provide everything they need, from actionable tools to analyst guidance, ensuring they deliver measurable results for their organizations.

MEMBER RATING

9.6/10
Overall Impact

$45,090
Average $ Saved

32
Average Days Saved

After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.

Read what our members are saying

What Is a Blueprint?

A blueprint is designed to be a roadmap, containing a methodology and the tools and templates you need to solve your IT problems.

Each blueprint can be accompanied by a Guided Implementation that provides you access to our world-class analysts to help you get through the project.

Need Extra Help?
Speak With An Analyst

Get the help you need in this 4-phase advisory process. You'll receive 9 touchpoints with our researchers, all included in your membership.

Guided Implementation 1: Assess business requirements
  • Call 1: Introduce project and complete business requirements gathering.
  • Call 2: Introduce pressure analysis.

Guided Implementation 2: Conduct a gap analysis
  • Call 1: Introduce the maturity assessment.
  • Call 2: Perform gap analysis and translate into initiatives.

Guided Implementation 3: Prioritize initiatives and roadmap
  • Call 1: Consolidate related gap initiatives and define cost, effort, alignment, and security benefits.
  • Call 2: Review cost-benefit analysis and build an effort map.
  • Call 3: Build implementation waves and introduce Gantt chart.

Guided Implementation 4: Execute and maintain the strategy
  • Call 1: Review Gantt chart and ensure budget/buy-in support.
  • Call 2: Three-month check-in: Execute and maintain the strategy.

Authors

Michel Hebert

Kate Wood

Contributors

  • Peter Clay, Zeneth Tech Partners, Principal
  • Ken Towne, Zeneth Tech Partners, Security Architect
  • Luciano Siqueria, Road Track, IT Security Manager
  • Candy Alexander, Independent Consultant, Cybersecurity and Information Security Executive
  • Jason Bevis – FireEye, Senior Director Orchestration Product Management - Office of the CTO
  • Joan Middleton, Villiage of Mount Prospect, IT Director
  • David Rahbany, The Hain Celestial Group, Director IT Infrastructure
  • Rick Vadgama, Cimpress, Head of Information Privacy and Security
  • Doug Salah, Wabtec Corp, Manager of Information Security and IT Audit
  • Peter Odegard, Children’s Hospitals and Clinics, Information Security Officer
  • Trevor Butler, City of Lethbridge, Information Technology General Manager
  • Shane Callahan, Tractor Supply, Director of Information Security
  • Jeff Zalusky, Chrysalis, President/CEO
  • Dan Humbert, YMCA of Central Florida, Director of Information Technology
  • Ron Kirkland, Crawford & Co, Manager ICT Security & Customer Service
  • Jim Burns, GreatAmerica Financial Services, Vice President Information Technology
  • Ryan Breed, Hudson’s Bay, Information Security Analyst
  • James Fielder, Farm Credit Services – Central Illinois, Vice President of Information Systems

Related Content: Security Strategy & Budgeting

Visit our IT Cost Optimization Center
Over 100 analysts waiting to take your call right now: 1-519-432-3550 x2019
© Info-Tech Research Group | Terms of Use | Privacy Policy