SlideShare a Scribd company logo

2023-it-roadmap-for-cybersecurity-techcnical

J
Jack585826

Roadmap IT 2023

Technology
1 of 11
Download to read offline
IT Roadmap for Cybersecurity Excerpt © 2023 Gartner, Inc. and/or its affiliates. All rights reserved. CM_GTS_2290572
How do successful organizations develop risk-based security programs to support business agility and resilience? Digital business transformation and emerging cyber-physical systems create unprecedented security risk. By 2027, 75% of employees will acquire, modify or create technology outside IT’s visibility — up from 41% in 2022.* In response, many organizations adopt new cybersecurity approaches. But organizations struggle to balance cybersecurity with the need to run the business. Chief information security officers (CISOs) can help by developing processes that enable risk-based decisions while protecting against security threats and preventing data breaches and other cybersecurity events. From our expert research and interactions with thousands of companies across industries, we have compiled cybersecurity best practices into a customizable roadmap. Use this roadmap to understand the key stages, resources and people required to plan and execute an effective cybersecurity initiative. Source: 2022 Gartner CEO and Senior Business Executive Survey 67% of CEOs and senior business executives want more technology work done directly within business functions/departments and less in IT. Gartner for Cybersecurity Leaders Follow Us on LinkedIn Become a Client 2
By developing and implementing a robust and defensible cybersecurity program The only way to deal effectively with the evolving risks of digitalization and increasing cyberthreats is to institute a continuous security program. Unfortunately, too many organizations just “tick the boxes” when they aim to establish a security capability — that is, they typically produce a lot of documentation and invest aggressively in technology. But they spend little or no time on establishing effective governance or the ability to assess and interpret risk effectively. A defensible security program substantiates the answer to the important question from stakeholders: “Is the organization doing enough to reasonably protect its information resources?” Source: Gartner Components of a Cybersecurity Program Enterprise security charter: Executive mandate Terms of reference: Reference model Annual strategy plan: Roadmap Governance structures: Accountability Security processes: Execution Gartner for Cybersecurity Leaders Follow Us on LinkedIn Become a Client 3
Gartner for Cybersecurity Leaders Follow Us on LinkedIn Become a Client What are the key stages? This best-practice insight is distilled from interactions with clients who have successfully implemented cybersecurity initiatives. This map shows the sequence of objectives and desired outcomes and is useful for aligning all stakeholders. A few key milestones and a sample of associated Gartner resources are highlighted below, but the full roadmap will include complete details of all milestones and resources for each stage. Build and mature program Reassess and optimize Align strategy Develop action plan Initiate execution Some of the top questions of the cybersecurity initiative are: 3 Which leaders and teams need to be involved? 2 How can we use an outcome-driven approach to establish cybersecurity priorities and investments? 1 How will this support business resilience and growth goals while reducing risk? 4
Gartner for Cybersecurity Leaders Follow Us on LinkedIn Become a Client Align strategy Set objectives and build business case Selected tasks Understand key business priorities; define program mission and vision; and identify business, technology and threat drivers Identify goals, program value, and key stakeholders’ roles and responsibilities Define security controls in line with organizational strategies and map them to a standardized security framework Get stakeholder feedback, define key objectives and finalize initial summary of security strategy document + more Sample associated Gartner resources • Analyst inquiry: Engage with an analyst to finalize the right metrics that can measure the impact of cybersecurity • Analyst inquiry: Engage with an analyst to discuss the right approach to communicate the business impact of cybersecurity to the stakeholders • Research: How to Build a Robust, Defensible Security Program That Enables Business Growth and Agility + more Develop action plan Create risk prioritization framework Selected tasks Conduct vulnerability assessment and penetration testing Establish current maturity baseline, define target state and conduct gap analysis Get executive or board buy-in and resource backing Develop security architecture, policy framework and solution layer + more Sample associated Gartner resources • Research: CISO Foundations — Toolkit: Strategic Planning Presentation and Dashboards • Tool: IT Score for Security and Risk Management • Research: Ignition Guide to Building an Annual Cybersecurity Budget + more Align strategy Develop action plan Initiate execution Build and mature program Reassess and optimize 5
Gartner for Cybersecurity Leaders Follow Us on LinkedIn Become a Client Initiate execution Design and adjust team structure Selected tasks Integrate capabilities, tools and technologies Establish security team roles and responsibilities and identify stakeholders to be accountable, consulted and informed Develop critical competencies and train for desired of missing skills Use metrics and incentives to drive accountability among owners + more Sample associated Gartner resources • Consultation by phone: Engage with an expert to discuss “The CARE Standard for Cybersecurity” • Research: Read about cybersecurity threat and its impact on the business • Research: How to Design a Practical Security Organization + more Build and mature program Maintain accountability and assurance through governance Selected tasks Develop critical incident response capability and an action plan in case of breaches Develop a program structure to monitor and combat advanced threats Instill a culture of secure employee behavior and initiate tailor training and awareness campaigns Develop advanced reporting and response and craft a communications plan for cyber breaches + more Sample associated Gartner resources • Analyst inquiry: Engage with an analyst to finalize the right metrics that can measure the impact of cybersecurity • Analyst inquiry: Engage with an analyst to discuss the right approach to communicate the business impact of cybersecurity to the stakeholders • Research: How to Build a Robust, Defensible Security Program That Enables Business Growth and Agility + more Establish baseline Identify opportunities Establish baseline Identify opportunities Implementation Institutionalize Monitor and Improve Align strategy Develop action plan Initiate execution Build and mature program Reassess and optimize 6
Gartner for Cybersecurity Leaders Follow Us on LinkedIn Become a Client Reassess and optimize Communicate program value Selected tasks Create a plan to communicate value to the organization and the board Track metrics and seek feedback to assess and improve program effectiveness Revisit maturity assessment to further optimization + more Sample associated Gartner resources • Consultation by phone: Discuss the key points that can help in the further optimization of cybersecurity preparation in the organization • Analyst inquiry: Redo the Gartner IT Score assessment to measure progress and reprioritize • Research: Tool — Board Briefing: How to Communicate the Cyber-Risk Posture of Your Organization + more Establish baseline Identify opportunities Implementation Monitor and Improve Establish baseline Identify opportunities Implementation Reassess and optimize Institutionalize Institutionalize 7
Gartner for Cybersecurity Leaders Follow Us on LinkedIn Become a Client Who needs to be involved? The most successful companies establish cross-functional teams for their cybersecurity initiatives. We have outlined the recommended functions to involve and their roles to ensure the best success in hitting the milestones. CISO Leads development of cybersecurity strategy and program; ensures cybersecurity strategy is aligned with business strategy and objectives; directs assessment, action plan and execution; helps communicate cybersecurity strategy and progress across the organizations; collaborates on program implementation with key leaders and stakeholders Enterprise applications and software engineering leader Key partner for the CISO; assist with implementation and operation of key elements of security programs and operations Enterprise architecture leader and team Collaborate with the CISO and other IT leaders to make sure that security strategy and architecture are aligned and incorporated into overall enterprise architecture Infrastructure and operations team and leader Key partner for the CISO; assist with implementation and operation of key elements of security program and operations Data and analytics leader Partners with the CISO to establish data ownership, data value and data security governance Technical professionals team Designs, implements, or improves and maintains security architectures, policies and procedures; monitors and evaluates cybersecurity performance, and improves it on the basis of new threats; improves skills as needed CIO Collaborates with organizational leaders and guides the building of the cybersecurity program; communicates strategy and objectives across the organization 8
Gartner for Cybersecurity Leaders Follow Us on LinkedIn Become a Client Mission-critical priority With the aim to streamline business processes and develop a digital- business-ready environment, Pacific Textiles wanted to develop a framework that adheres to IT compliance, minimizing cybersecurity risk. How Gartner helped With access to Gartner experts, research and tools, Pacific Textiles was able to digitalize information through an ERP system, automate manufacturing processes with new technology and craft a ready-to-execute cybersecurity roadmap. Mission accomplished With the help of Gartner, Pacific Textiles was able to: • Take a holistic approach to governance and risk management procedures • Build a strong digital business foundation • Optimize business processes, saving time and energy for the top management Customer success story: Enabling IT Compliance With Cybersecurity Roadmap 9
Explore these additional complimentary resources and tools for cybersecurity leaders: Already a client? Get access to even more resources in your client portal. Log In Access other roadmaps in this series Protect Your Business Assets With a Roadmap for Maturing Information Security Roadmap: Drive Successful Digital Growth With Data and Analytics Migrating Data and Analytics Architectures to the Cloud: Roadmap Enhance Your Roadmap for Effective Data Governance Roadmap: Devising an Effective Cloud Strategy Research The CISO’s Guide to Your First 100 Days Find out the actions you should take in your first 100 days as a CISO. Webinar Treat Cybersecurity as a Business Investment for Better Outcomes Understand how to communicate outcome-driven metrics to your board of directors. eBook Leadership Vision for Security and Risk Management Leaders Explore the top 3 strategic priorities for security and risk management leaders. Conference Explore Gartner Cybersecurity Conferences Advance your cybersecurity and risk management strategy by attending a Gartner conference. Actionable, objective insight Gartner for Cybersecurity Leaders Follow Us on LinkedIn Become a Client
Connect With Us Get actionable, objective insight to deliver on your mission-critical priorities. Our expert guidance and tools enable faster, smarter decisions and stronger performance. Contact us to become a client: U.S.: 1 855 811 7593 International: +44 (0) 3330 607 044 Become a Client Learn more about Gartner for Cybersecurity Leaders gartner.com/en/cybersecurity Stay connected to the latest insights © 2023 Gartner, Inc. and/or its affiliates. All rights reserved. CM_GTS_2290572

Recommended

Insight into Security Leader Success Part 2
Insight into Security Leader Success Part 2Insight into Security Leader Success Part 2
Insight into Security Leader Success Part 2Security Executive Council
 
Assuring Digital Strategic Initiatives by
Assuring Digital Strategic Initiatives by Assuring Digital Strategic Initiatives by
Assuring Digital Strategic Initiatives by FirstMutualHoldings
 
Build an Information Security Strategy
Build an Information Security StrategyBuild an Information Security Strategy
Build an Information Security StrategyAndrew Byers
 
Happiest Minds NIST CSF compliance Brochure
Happiest Minds NIST CSF compliance BrochureHappiest Minds NIST CSF compliance Brochure
Happiest Minds NIST CSF compliance BrochureSuresh Kanniappan
 
A framework for an organization to use in determining if it needs a ciso
A framework for an organization to use in determining if it needs a cisoA framework for an organization to use in determining if it needs a ciso
A framework for an organization to use in determining if it needs a cisoMax Justice
 
Security of the future - Adapting Approaches to What We Need
Security of the future - Adapting Approaches to What We NeedSecurity of the future - Adapting Approaches to What We Need
Security of the future - Adapting Approaches to What We Needsimplyme12345
 
Introduction to IT compliance program and Discuss the challenges IT .pdf
Introduction to IT compliance program and Discuss the challenges IT .pdfIntroduction to IT compliance program and Discuss the challenges IT .pdf
Introduction to IT compliance program and Discuss the challenges IT .pdfSALES97
 
New technologies - Amer Haza'a
New technologies - Amer Haza'aNew technologies - Amer Haza'a
New technologies - Amer Haza'aFahmi Albaheth
 

Recommended

Insight into Security Leader Success Part 2
Insight into Security Leader Success Part 2Insight into Security Leader Success Part 2
Insight into Security Leader Success Part 2Security Executive Council
 
Assuring Digital Strategic Initiatives by
Assuring Digital Strategic Initiatives by Assuring Digital Strategic Initiatives by
Assuring Digital Strategic Initiatives by FirstMutualHoldings
 
Build an Information Security Strategy
Build an Information Security StrategyBuild an Information Security Strategy
Build an Information Security StrategyAndrew Byers
 
Happiest Minds NIST CSF compliance Brochure
Happiest Minds NIST CSF compliance BrochureHappiest Minds NIST CSF compliance Brochure
Happiest Minds NIST CSF compliance BrochureSuresh Kanniappan
 
A framework for an organization to use in determining if it needs a ciso
A framework for an organization to use in determining if it needs a cisoA framework for an organization to use in determining if it needs a ciso
A framework for an organization to use in determining if it needs a cisoMax Justice
 
Security of the future - Adapting Approaches to What We Need
Security of the future - Adapting Approaches to What We NeedSecurity of the future - Adapting Approaches to What We Need
Security of the future - Adapting Approaches to What We Needsimplyme12345
 
Introduction to IT compliance program and Discuss the challenges IT .pdf
Introduction to IT compliance program and Discuss the challenges IT .pdfIntroduction to IT compliance program and Discuss the challenges IT .pdf
Introduction to IT compliance program and Discuss the challenges IT .pdfSALES97
 
New technologies - Amer Haza'a
New technologies - Amer Haza'aNew technologies - Amer Haza'a
New technologies - Amer Haza'aFahmi Albaheth
 
Build and Information Security Strategy
Build and Information Security StrategyBuild and Information Security Strategy
Build and Information Security StrategyInfo-Tech Research Group
 
Cyber Defence - Service portfolio
Cyber Defence - Service portfolioCyber Defence - Service portfolio
Cyber Defence - Service portfolioKaloyan Krastev
 
Process Maturity Assessment
Process Maturity AssessmentProcess Maturity Assessment
Process Maturity Assessmentpchronis
 
Security Governance by Risknavigator 2010
Security Governance by Risknavigator 2010Security Governance by Risknavigator 2010
Security Governance by Risknavigator 2010Lennart Bredberg
 
Meraj Ahmad - Information security in a borderless world
Meraj Ahmad - Information security in a borderless worldMeraj Ahmad - Information security in a borderless world
Meraj Ahmad - Information security in a borderless worldnooralmousa
 
Gail Gillis Resume vMarch 2015
Gail Gillis Resume vMarch 2015Gail Gillis Resume vMarch 2015
Gail Gillis Resume vMarch 2015Gail Gillis
 
Cyber-Risk-Management-Assessment (1)
Cyber-Risk-Management-Assessment (1)Cyber-Risk-Management-Assessment (1)
Cyber-Risk-Management-Assessment (1)OCTF Industry Engagement
 
BRG_CSP_Study-Summary-nofees
BRG_CSP_Study-Summary-nofeesBRG_CSP_Study-Summary-nofees
BRG_CSP_Study-Summary-nofeesFaisal Amin
 
7 Steps To Developing A Cloud Security Plan
7 Steps To Developing A Cloud Security Plan7 Steps To Developing A Cloud Security Plan
7 Steps To Developing A Cloud Security PlanEnvision Technology Advisors
 
Getting Executive Support for a Software Security Program
Getting Executive Support for a Software Security ProgramGetting Executive Support for a Software Security Program
Getting Executive Support for a Software Security ProgramCigital
 
Does Anyone Remember Enterprise Security Architecture?
Does Anyone Remember Enterprise Security Architecture?Does Anyone Remember Enterprise Security Architecture?
Does Anyone Remember Enterprise Security Architecture?rbrockway
 
Business case for information security program
Business case for information security programBusiness case for information security program
Business case for information security programWilliam Godwin
 
Business case for Information Security program
Business case for Information Security programBusiness case for Information Security program
Business case for Information Security programWilliam Godwin
 
The Cyber Security Leap: From Laggard to Leader
The Cyber Security Leap: From Laggard to LeaderThe Cyber Security Leap: From Laggard to Leader
The Cyber Security Leap: From Laggard to Leaderaccenture
 
Battle Tested Application Security
Battle Tested Application SecurityBattle Tested Application Security
Battle Tested Application SecurityTy Sbano
 
MCGlobalTech Service Presentation
MCGlobalTech Service PresentationMCGlobalTech Service Presentation
MCGlobalTech Service PresentationWilliam McBorrough
 
Cyber security framework
Cyber security frameworkCyber security framework
Cyber security frameworkYann Lecourt
 
From checkboxes to frameworks
From checkboxes to frameworksFrom checkboxes to frameworks
From checkboxes to frameworksVincent Bellamy
 
Enterprise 360 degree risk management
Enterprise 360 degree risk managementEnterprise 360 degree risk management
Enterprise 360 degree risk managementInfosys
 
Implementing a Security Management Framework
Implementing a Security Management FrameworkImplementing a Security Management Framework
Implementing a Security Management FrameworkJoseph Wynn
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 

More Related Content

Similar to 2023-it-roadmap-for-cybersecurity-techcnical

Cyber Defence - Service portfolio
Cyber Defence - Service portfolioCyber Defence - Service portfolio
Cyber Defence - Service portfolioKaloyan Krastev
 
Process Maturity Assessment
Process Maturity AssessmentProcess Maturity Assessment
Process Maturity Assessmentpchronis
 
Security Governance by Risknavigator 2010
Security Governance by Risknavigator 2010Security Governance by Risknavigator 2010
Security Governance by Risknavigator 2010Lennart Bredberg
 
Meraj Ahmad - Information security in a borderless world
Meraj Ahmad - Information security in a borderless worldMeraj Ahmad - Information security in a borderless world
Meraj Ahmad - Information security in a borderless worldnooralmousa
 
Gail Gillis Resume vMarch 2015
Gail Gillis Resume vMarch 2015Gail Gillis Resume vMarch 2015
Gail Gillis Resume vMarch 2015Gail Gillis
 
BRG_CSP_Study-Summary-nofees
BRG_CSP_Study-Summary-nofeesBRG_CSP_Study-Summary-nofees
BRG_CSP_Study-Summary-nofeesFaisal Amin
 
Getting Executive Support for a Software Security Program
Getting Executive Support for a Software Security ProgramGetting Executive Support for a Software Security Program
Getting Executive Support for a Software Security ProgramCigital
 
Does Anyone Remember Enterprise Security Architecture?
Does Anyone Remember Enterprise Security Architecture?Does Anyone Remember Enterprise Security Architecture?
Does Anyone Remember Enterprise Security Architecture?rbrockway
 
Business case for information security program
Business case for information security programBusiness case for information security program
Business case for information security programWilliam Godwin
 
Business case for Information Security program
Business case for Information Security programBusiness case for Information Security program
Business case for Information Security programWilliam Godwin
 
The Cyber Security Leap: From Laggard to Leader
The Cyber Security Leap: From Laggard to LeaderThe Cyber Security Leap: From Laggard to Leader
The Cyber Security Leap: From Laggard to Leaderaccenture
 
Battle Tested Application Security
Battle Tested Application SecurityBattle Tested Application Security
Battle Tested Application SecurityTy Sbano
 
MCGlobalTech Service Presentation
MCGlobalTech Service PresentationMCGlobalTech Service Presentation
MCGlobalTech Service PresentationWilliam McBorrough
 
Cyber security framework
Cyber security frameworkCyber security framework
Cyber security frameworkYann Lecourt
 
From checkboxes to frameworks
From checkboxes to frameworksFrom checkboxes to frameworks
From checkboxes to frameworksVincent Bellamy
 
Enterprise 360 degree risk management
Enterprise 360 degree risk managementEnterprise 360 degree risk management
Enterprise 360 degree risk managementInfosys
 
Implementing a Security Management Framework
Implementing a Security Management FrameworkImplementing a Security Management Framework
Implementing a Security Management FrameworkJoseph Wynn
 

Similar to 2023-it-roadmap-for-cybersecurity-techcnical (20)

Build and Information Security Strategy
Build and Information Security StrategyBuild and Information Security Strategy
Build and Information Security Strategy
 
Cyber Defence - Service portfolio
Cyber Defence - Service portfolioCyber Defence - Service portfolio
Cyber Defence - Service portfolio
 
Process Maturity Assessment
Process Maturity AssessmentProcess Maturity Assessment
Process Maturity Assessment
 
Security Governance by Risknavigator 2010
Security Governance by Risknavigator 2010Security Governance by Risknavigator 2010
Security Governance by Risknavigator 2010
 
Meraj Ahmad - Information security in a borderless world
Meraj Ahmad - Information security in a borderless worldMeraj Ahmad - Information security in a borderless world
Meraj Ahmad - Information security in a borderless world
 
Gail Gillis Resume vMarch 2015
Gail Gillis Resume vMarch 2015Gail Gillis Resume vMarch 2015
Gail Gillis Resume vMarch 2015
 
Cyber-Risk-Management-Assessment (1)
Cyber-Risk-Management-Assessment (1)Cyber-Risk-Management-Assessment (1)
Cyber-Risk-Management-Assessment (1)
 
BRG_CSP_Study-Summary-nofees
BRG_CSP_Study-Summary-nofeesBRG_CSP_Study-Summary-nofees
BRG_CSP_Study-Summary-nofees
 
7 Steps To Developing A Cloud Security Plan
7 Steps To Developing A Cloud Security Plan7 Steps To Developing A Cloud Security Plan
7 Steps To Developing A Cloud Security Plan
 
Getting Executive Support for a Software Security Program
Getting Executive Support for a Software Security ProgramGetting Executive Support for a Software Security Program
Getting Executive Support for a Software Security Program
 
Does Anyone Remember Enterprise Security Architecture?
Does Anyone Remember Enterprise Security Architecture?Does Anyone Remember Enterprise Security Architecture?
Does Anyone Remember Enterprise Security Architecture?
 
Business case for information security program
Business case for information security programBusiness case for information security program
Business case for information security program
 
Business case for Information Security program
Business case for Information Security programBusiness case for Information Security program
Business case for Information Security program
 
The Cyber Security Leap: From Laggard to Leader
The Cyber Security Leap: From Laggard to LeaderThe Cyber Security Leap: From Laggard to Leader
The Cyber Security Leap: From Laggard to Leader
 
Battle Tested Application Security
Battle Tested Application SecurityBattle Tested Application Security
Battle Tested Application Security
 
MCGlobalTech Service Presentation
MCGlobalTech Service PresentationMCGlobalTech Service Presentation
MCGlobalTech Service Presentation
 
Cyber security framework
Cyber security frameworkCyber security framework
Cyber security framework
 
From checkboxes to frameworks
From checkboxes to frameworksFrom checkboxes to frameworks
From checkboxes to frameworks
 
Enterprise 360 degree risk management
Enterprise 360 degree risk managementEnterprise 360 degree risk management
Enterprise 360 degree risk management
 
Implementing a Security Management Framework
Implementing a Security Management FrameworkImplementing a Security Management Framework
Implementing a Security Management Framework
 

Recently uploaded

Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsHyundai Motor Group
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 

Recently uploaded (20)

Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 

2023-it-roadmap-for-cybersecurity-techcnical

  • 1. IT Roadmap for Cybersecurity Excerpt © 2023 Gartner, Inc. and/or its affiliates. All rights reserved. CM_GTS_2290572
  • 2. How do successful organizations develop risk-based security programs to support business agility and resilience? Digital business transformation and emerging cyber-physical systems create unprecedented security risk. By 2027, 75% of employees will acquire, modify or create technology outside IT’s visibility — up from 41% in 2022.* In response, many organizations adopt new cybersecurity approaches. But organizations struggle to balance cybersecurity with the need to run the business. Chief information security officers (CISOs) can help by developing processes that enable risk-based decisions while protecting against security threats and preventing data breaches and other cybersecurity events. From our expert research and interactions with thousands of companies across industries, we have compiled cybersecurity best practices into a customizable roadmap. Use this roadmap to understand the key stages, resources and people required to plan and execute an effective cybersecurity initiative. Source: 2022 Gartner CEO and Senior Business Executive Survey 67% of CEOs and senior business executives want more technology work done directly within business functions/departments and less in IT. Gartner for Cybersecurity Leaders Follow Us on LinkedIn Become a Client 2
  • 3. By developing and implementing a robust and defensible cybersecurity program The only way to deal effectively with the evolving risks of digitalization and increasing cyberthreats is to institute a continuous security program. Unfortunately, too many organizations just “tick the boxes” when they aim to establish a security capability — that is, they typically produce a lot of documentation and invest aggressively in technology. But they spend little or no time on establishing effective governance or the ability to assess and interpret risk effectively. A defensible security program substantiates the answer to the important question from stakeholders: “Is the organization doing enough to reasonably protect its information resources?” Source: Gartner Components of a Cybersecurity Program Enterprise security charter: Executive mandate Terms of reference: Reference model Annual strategy plan: Roadmap Governance structures: Accountability Security processes: Execution Gartner for Cybersecurity Leaders Follow Us on LinkedIn Become a Client 3
  • 4. Gartner for Cybersecurity Leaders Follow Us on LinkedIn Become a Client What are the key stages? This best-practice insight is distilled from interactions with clients who have successfully implemented cybersecurity initiatives. This map shows the sequence of objectives and desired outcomes and is useful for aligning all stakeholders. A few key milestones and a sample of associated Gartner resources are highlighted below, but the full roadmap will include complete details of all milestones and resources for each stage. Build and mature program Reassess and optimize Align strategy Develop action plan Initiate execution Some of the top questions of the cybersecurity initiative are: 3 Which leaders and teams need to be involved? 2 How can we use an outcome-driven approach to establish cybersecurity priorities and investments? 1 How will this support business resilience and growth goals while reducing risk? 4
  • 5. Gartner for Cybersecurity Leaders Follow Us on LinkedIn Become a Client Align strategy Set objectives and build business case Selected tasks Understand key business priorities; define program mission and vision; and identify business, technology and threat drivers Identify goals, program value, and key stakeholders’ roles and responsibilities Define security controls in line with organizational strategies and map them to a standardized security framework Get stakeholder feedback, define key objectives and finalize initial summary of security strategy document + more Sample associated Gartner resources • Analyst inquiry: Engage with an analyst to finalize the right metrics that can measure the impact of cybersecurity • Analyst inquiry: Engage with an analyst to discuss the right approach to communicate the business impact of cybersecurity to the stakeholders • Research: How to Build a Robust, Defensible Security Program That Enables Business Growth and Agility + more Develop action plan Create risk prioritization framework Selected tasks Conduct vulnerability assessment and penetration testing Establish current maturity baseline, define target state and conduct gap analysis Get executive or board buy-in and resource backing Develop security architecture, policy framework and solution layer + more Sample associated Gartner resources • Research: CISO Foundations — Toolkit: Strategic Planning Presentation and Dashboards • Tool: IT Score for Security and Risk Management • Research: Ignition Guide to Building an Annual Cybersecurity Budget + more Align strategy Develop action plan Initiate execution Build and mature program Reassess and optimize 5
  • 6. Gartner for Cybersecurity Leaders Follow Us on LinkedIn Become a Client Initiate execution Design and adjust team structure Selected tasks Integrate capabilities, tools and technologies Establish security team roles and responsibilities and identify stakeholders to be accountable, consulted and informed Develop critical competencies and train for desired of missing skills Use metrics and incentives to drive accountability among owners + more Sample associated Gartner resources • Consultation by phone: Engage with an expert to discuss “The CARE Standard for Cybersecurity” • Research: Read about cybersecurity threat and its impact on the business • Research: How to Design a Practical Security Organization + more Build and mature program Maintain accountability and assurance through governance Selected tasks Develop critical incident response capability and an action plan in case of breaches Develop a program structure to monitor and combat advanced threats Instill a culture of secure employee behavior and initiate tailor training and awareness campaigns Develop advanced reporting and response and craft a communications plan for cyber breaches + more Sample associated Gartner resources • Analyst inquiry: Engage with an analyst to finalize the right metrics that can measure the impact of cybersecurity • Analyst inquiry: Engage with an analyst to discuss the right approach to communicate the business impact of cybersecurity to the stakeholders • Research: How to Build a Robust, Defensible Security Program That Enables Business Growth and Agility + more Establish baseline Identify opportunities Establish baseline Identify opportunities Implementation Institutionalize Monitor and Improve Align strategy Develop action plan Initiate execution Build and mature program Reassess and optimize 6
  • 7. Gartner for Cybersecurity Leaders Follow Us on LinkedIn Become a Client Reassess and optimize Communicate program value Selected tasks Create a plan to communicate value to the organization and the board Track metrics and seek feedback to assess and improve program effectiveness Revisit maturity assessment to further optimization + more Sample associated Gartner resources • Consultation by phone: Discuss the key points that can help in the further optimization of cybersecurity preparation in the organization • Analyst inquiry: Redo the Gartner IT Score assessment to measure progress and reprioritize • Research: Tool — Board Briefing: How to Communicate the Cyber-Risk Posture of Your Organization + more Establish baseline Identify opportunities Implementation Monitor and Improve Establish baseline Identify opportunities Implementation Reassess and optimize Institutionalize Institutionalize 7
  • 8. Gartner for Cybersecurity Leaders Follow Us on LinkedIn Become a Client Who needs to be involved? The most successful companies establish cross-functional teams for their cybersecurity initiatives. We have outlined the recommended functions to involve and their roles to ensure the best success in hitting the milestones. CISO Leads development of cybersecurity strategy and program; ensures cybersecurity strategy is aligned with business strategy and objectives; directs assessment, action plan and execution; helps communicate cybersecurity strategy and progress across the organizations; collaborates on program implementation with key leaders and stakeholders Enterprise applications and software engineering leader Key partner for the CISO; assist with implementation and operation of key elements of security programs and operations Enterprise architecture leader and team Collaborate with the CISO and other IT leaders to make sure that security strategy and architecture are aligned and incorporated into overall enterprise architecture Infrastructure and operations team and leader Key partner for the CISO; assist with implementation and operation of key elements of security program and operations Data and analytics leader Partners with the CISO to establish data ownership, data value and data security governance Technical professionals team Designs, implements, or improves and maintains security architectures, policies and procedures; monitors and evaluates cybersecurity performance, and improves it on the basis of new threats; improves skills as needed CIO Collaborates with organizational leaders and guides the building of the cybersecurity program; communicates strategy and objectives across the organization 8
  • 9. Gartner for Cybersecurity Leaders Follow Us on LinkedIn Become a Client Mission-critical priority With the aim to streamline business processes and develop a digital- business-ready environment, Pacific Textiles wanted to develop a framework that adheres to IT compliance, minimizing cybersecurity risk. How Gartner helped With access to Gartner experts, research and tools, Pacific Textiles was able to digitalize information through an ERP system, automate manufacturing processes with new technology and craft a ready-to-execute cybersecurity roadmap. Mission accomplished With the help of Gartner, Pacific Textiles was able to: • Take a holistic approach to governance and risk management procedures • Build a strong digital business foundation • Optimize business processes, saving time and energy for the top management Customer success story: Enabling IT Compliance With Cybersecurity Roadmap 9
  • 10. Explore these additional complimentary resources and tools for cybersecurity leaders: Already a client? Get access to even more resources in your client portal. Log In Access other roadmaps in this series Protect Your Business Assets With a Roadmap for Maturing Information Security Roadmap: Drive Successful Digital Growth With Data and Analytics Migrating Data and Analytics Architectures to the Cloud: Roadmap Enhance Your Roadmap for Effective Data Governance Roadmap: Devising an Effective Cloud Strategy Research The CISO’s Guide to Your First 100 Days Find out the actions you should take in your first 100 days as a CISO. Webinar Treat Cybersecurity as a Business Investment for Better Outcomes Understand how to communicate outcome-driven metrics to your board of directors. eBook Leadership Vision for Security and Risk Management Leaders Explore the top 3 strategic priorities for security and risk management leaders. Conference Explore Gartner Cybersecurity Conferences Advance your cybersecurity and risk management strategy by attending a Gartner conference. Actionable, objective insight Gartner for Cybersecurity Leaders Follow Us on LinkedIn Become a Client
  • 11. Connect With Us Get actionable, objective insight to deliver on your mission-critical priorities. Our expert guidance and tools enable faster, smarter decisions and stronger performance. Contact us to become a client: U.S.: 1 855 811 7593 International: +44 (0) 3330 607 044 Become a Client Learn more about Gartner for Cybersecurity Leaders gartner.com/en/cybersecurity Stay connected to the latest insights © 2023 Gartner, Inc. and/or its affiliates. All rights reserved. CM_GTS_2290572