Strategic Roadmap Planning
This work is merely a reference to the original SANS MGT514 course, created only based on my understanding of the course. The primary objective of this entire series is to impart information in my own words and persuade people of the efficacy of SANS courses, which are created with numerous real-life examples and well-developed labs. Remember that certain portions were left out in order to avoid any copyright concerns.
After receiving a cybersecurity program management assignment, it is crucial to comprehend the goals and create a plan to deliver the desired results while staying within the budget and resource constraints. There are many things that go wrong with our projects, but poor identification and analysis are the main ones. A well-crafted strategy roadmap gives us the tools we need to deliver projects on time, within budget, and in alignment with the goals, values, and vision of the organization.

A strategy roadmap serves as a bridge between strategy and execution and helps us to map out the important results that must be attained within the predetermined time frame. A well-written strategy aids in creating a roadmap where objectives are placed appropriately and given a logical order of importance. We can also use it to plan the efforts necessary to achieve our goals, to allocate resources according to a schedule, and to monitor consistently to prevent drift.
In this section, we went in-depth to learn about the tools and techniques for planning to create a strategic roadmap. The following topics were covered one at a time.
- Deliverable of Strategic Planning
- Uncover security trails
- Identify and Manage Stakeholders
- Porter’s Five Force Framework
- Determine Threats
Deliverable of Strategic Planning
This course trained participants to use multiple management tools to analyze business requirements, threats and priorities. The following deliverables help put in place an actionable and effective security program with continuous improvement, since business leaders are more interested in something tangible.
- Understand business & security needs
- Assess organization security posture maturity
- Translate security efforts for business leaders
- Establish multistage security plan
- Build Business Security Case
- Set up metrics for continuous improvement
Uncover security trails
"Those who cannot remember the past are condemned to repeat it." (George Santayana)
Business leaders always remember the past; a convincing plan should be free of the errors encountered in the past and align security activities with business goals.
"Culture eats strategy for breakfast." (Peter Drucker)
Drawing on the quote above: a winning culture centered around teamwork and delivery can achieve anything.
- Organization’s History
- Integration between projects and strategic objectives
- Key services and assets

Identify and Manage Stakeholders
Although it may not be obvious at first, even a small group of omitted stakeholders can have a negative impact on your entire project and, ultimately, on the program. As a result, appropriate stakeholder management must be considered as early as possible in order to identify and manage stakeholders based on their needs and influence.
- Significance of Stakeholder Management
- Identify and map stakeholder interest and influence
- Establish and spin relationship plan
- Constructively manage resistance
- Tools
- SIPOC (Supplier, Inputs, Process, Outputs & Customers)
- Power & Interest Grid
- Prioritize Stakeholders
Book: The Leader’s Handbook: Making Things Happen, Getting Things Done
Porter’s Five Force Framework
Porter's Five Forces is a powerful method for creating corporate strategy by identifying the sources of power in an organization. You may assess whether an industry sector is desirable, or will have a strategically sound niche, by examining the internal and external pressures that exist within it. It functions as a sort of checklist that guides you through the process of identifying and taking into account five forces that affect the level of competition and, ultimately, how you can turn a profit.
- Power of Customers
- Substitute Products
- Power of Suppliers
- Threat of New Entrants
- Competitive Rivalry
Book: Competitive Strategy: Techniques for Analyzing Industries and Competitors

Determine Threats
"If you know the enemy and know yourself you need not fear the results of a hundred battles." (Sun Tzu)
This section is divided into two parts: "know yourself" and "know the enemy".
Know yourself
If something is a treasure to your organization, it is probably valuable to your adversary or attacker too.
This point covers identifying the asset categories that are most valuable to an organization and relating their significance to its objectives and vision. Different assets may be the preferred target of attackers, depending on their goals and motivations.
- Critical, Unique and irreplaceable information
- Offer competitive and strategic advantages
Know the enemy
Understanding the threats allows us to deploy a strong security program and helps us identify the attackers' tactics and weaknesses. As Sun Tzu points out, we can only hope to build a successful information security program if we understand both sides.
- Understand motivation and mindset of attacker
- Understand business threats
- Threat Analysis by Kill Chain Analysis and MITRE ATT&CK Framework