A typical roadmap to achieve a defined secure desired state includes (people , process ,technology)& other resources. the interaction & relationship between these elements are likely to be complex, its is prudent to consider initiating a security Architecture such as SABSA whcih provide a structured approach to defining business drivers and process flow.