Skip to main content

The Key to a Strong IT Security Program | Optiv

September 22, 2014

Over the years, I have worked in top positions in the security departments of several major enterprises, which has given me insight into what separates a really strong IT security organization from one that’s just average. I’ve learned that there are key characteristics that IT security managers should try to implement into their organization to build more successful security programs. 

Through my experience working in Fortune 500 security organizations and mid- to small- security groups, I have seen that the threats are the same; it is just a matter of scale. The real key to a strong security organization is one that has created a business-aligned security strategy that allows them to articulate their security plans in terms of benefits to the business. The below steps can be applied across organizations of different sizes and industries to achieve a strong, business-aligned security program.

  • Talk to the leadership team about their business goals. Where are the crown jewels?  Why is the company winning in the competitive market? You must understand what needs to be protected to properly allocate resources.
  • Understand and discuss the exposure risk in terms of information risk, business operations risk, reputation risk, and legal and regulatory risk. Knowing how risk tolerant your organization is will help you build a security program that makes sense to the business.
  • Determine the real threats to the organization. Knowing what the business goals are and the risk tolerance of the perceived threats from the actual threats will help you focus your efforts. 
  • Understand all the security services currently in place.  Do you have the right people, process and technology?

Performing a security strategy assessment and seeking the answers to these questions will help you determine how mature your organization is, identify your challenges, and begin to formulate an action plan to best mature your program. No security team is perfect and no security team has all the resources they need.  But if you focus on business enablement and real threats, your program will be more successful.  

Related Blogs

January 28, 2013

iOS Passwords: Quick Tips to Maximize Your Security

Prior to joining FishNet Security, I examined mobile devices as a digital forensic analyst, actively researching and using different methods to remove...

See Details

March 14, 2018

Observations on Smoke Tests – Part 1

Smoke testing in the traditional definition is most often used to assess the functionality of key software features to determine if they work or perfo...

See Details

April 30, 2009

Creating a Solid Information Security Program

A successful security program is not run like a dictatorship but rather like a partnership, one of the team, all fighting for a common cause. In order...

See Details

How Can We Help?

Let us know what you need, and we will have an Optiv professional contact you shortly.

Privacy Policy

Related Insights

December 10, 2014

Building an Information Security Program from Scratch | Optiv

The unfortunate reality of today’s business world is that information security breaches are an everyday occurrence. A quote that is thrown around in t...

See Details

July 21, 2015

Network Security Solutions

Learn how we help protect your environment while maintaining connectivity.

See Details

September 20, 2017

Cloud Security Architecture

Learn how our experts formulate an actionable strategy with key stakeholders and help implement your cloud security program across the enterprise.

See Details

Stay in the Know

For all the latest cybersecurity and Optiv news, subscribe to our blog and connect with us on Social.


Join our Email List

We take your privacy seriously and promise never to share your email with anyone.

Stay Connected

Find cyber security Events in your area.