Tips to Generating Initial Security Program Project Portfolio

Tips to Generating Initial Security Program Project Portfolio

May 10, 2017

Creating Your Initial Security Program Project Portfolio

Understand the development of your initial security project portfolio. This portfolio should be used to fuel your remediation plan and efforts.

Security Program Project Portfolio Tips:

Tip #1: The most important aspect of this step is to ensure that you can tell the exact set of reasons or findings that are driving why you would do a remediation activity.

Tip 2: You have the ability to scope the portfolio through which findings you include. If you have a low security program decision and execution capability score, you may want to just include the findings from your security program assessment. Once that is in place you can take on the other stuff much more effectively.

Tip 3: Use simple means to prioritize your initiatives. We provide some models in the CISO Handbook that can work. The simpler the prioritization method, the better it turns out. Using a complex risk methodology doesn’t provide the benefits to be worth the time and effort of increased accuracy.

Tip #4: It’s very common for existing security program budgets did not use a process like this for determining to fund. As a result, the identified total remediation scope, schedule, and budget may be far larger than what your organization expects or is ready for. As a result, be sure to inform management on the approach you used before giving a number that might really scare them. Once they understand the process, have them identify which projects they want to fund.

Tip #5: When calculating project costs, be sure to include both implementation costs as well as ongoing operational costs for headcount to maintain whatever was built moving forward.

Tip #6: Remember that it’s your job to identify and then tell the true story to stakeholders in the business. This does not mean that management will always make the decision to fix everything. Don’t take that personally.

Remember, we understand that there might be questions and we are here to support you along the way!

If you decide to contact our Information Security Experts, call us at 800-203-3817 or

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Tips to Generating Initial Security Program Project Portfolio

Explore Our Resources