Generate Initial Security Program Dashboard
This element illustrates the development of your initial security program dashboard. Use this dashboard to support informed decisions within your environment.
Tips to Generate your Security Program Dashboard
Tip #1: Your primary objective with this dashboard is to do one or both of the items below:
- Get management or stakeholders to understand the status of your environment, so that they assume accountability for it.
- Present information so that it supports making informed business decisions.
Tip #2: Visual page balance and the color palette matter as much as, or arguably more than, anything this document says. Make your dashboard look sharp.
Tip #3: Everything that you present in this dashboard should be presented in a way that evokes a decision. I generally like to draft the decision questions I want answered before the meeting, then review the completed dashboard to see if it has the correct information to help me answer those questions.
Tip #4: All the verbiage in the dashboard should be understandable to someone who does not understand security.
Tip #5: Ensure that anyone who will be needed to make a decision is invited to the meeting where this dashboard is reviewed.
Tip #6: Ensure there are no typos in the document and that it looks clean and organized. A common diversion tactic is to focus on those types of issues instead of the decisions you want.
Tip #7: Don’t stress if you do not get any decisions. Remember tip #1: if you did this right, you are presenting this information to management. If they don’t want to make a decision with it, that is now on them, not you.
Remember, we understand that there might be questions and we are here to support you along the way!
CISOSHARE’s President and CEO
Mike Gentile has been helping organizations build Information Security Programs for more than 20 years. He has written multiple recognized books on the subject, provided hundreds of presentations, and built many Security Programs in both internal and external consulting roles.