18. Overview of Process Methodology
Three Stages
1. Risk assignment – actual Technical Security
Reality State
2. Criticality assignment – the order in which the
business should/needs to do things due to
technical fundamentals, true audit issue,
actual threat risk
3. Gap review - the technical reality of where you
are compared to where you need to be
19. The CIO Scoreboard allows you to:
• Measure and analyze the current state of IT
Security Risk in your company
• Demonstrate and prove IT Security execution
• Develop and show a roadmap of investment
needed to fix weaknesses and problems within the
enterprise