SRG Advisory Group LLC

Scope - Risk - Gap

Phone: (862) 227-1002

Security Program Maturity Workshop

Security Program Maturity Workshop Phases

The Security Program Maturity Workshop (SPMW) is designed to help organizations at all maturity levels identify and evaluate the “key elements” needed to build and expand an effective information security program.

The SPMW is designed to achieve the following:

  • Provide a foundational building block towards implementing any organizationally focused security controls framework based on industry-accepted standards such as COBIT, ISO 27001 and the NIST CSF.
  • Evaluate your organization's security program maturity and gain control over your strategic security roadmap.
  • Provide immediate focus on the business-critical aspects of your security program.
  • Assist in establishing a process for ongoing benchmarking and evaluation of the security program, to ensure continued progress against stated goals, timelines and objectives.

Organizations that partner with SRG for this unique workshop obtain rare and highly valuable insight into their security organization and its strengths and weaknesses. The 2-day onsite assessment delves deeply into everything from the strategic direction of the company and its relationship to information security to tactical assessments of security practices across the board, from toolset sufficiency to security awareness and training and everything in between. This is a true "soup-to-nuts" deep dive into your organization's entire security program that has proven itself with some of the most complex security organizations in the country, and the process scales from small security shops to the Fortune 500.

Questions addressed via the Security Program Maturity Workshop include:

  • Is our spending aligned with our organization's goals and strategy?
  • Given our risk appetite and the nature of our risks, are we putting resources where they best help us control risk?
  • Are we considering all of the significant risks we need to in our risk assessment process?
  • In what specific areas do we have the biggest gaps between our "desired state" and our "current state"?
  • What are the top 5 "bang for the buck" security initiatives we should consider concentrating on?
  • What would a 3-year "roadmap" to where we want and need to be look like?