capability based planning compressed
TRANSCRIPT
Capability Based Planning
A Framework for Security Investment Planning
“What“ an
organization needs to be able to do to execute
its strategy
Capabilities
People Processes Technology
Capability Based PlanningOutcome Based Approach
Glue Between Strategy and Execution
Innovate Strategically with Full Traceability
The Planning ProcessIdentify
CapabilitiesModel Current State
Determine Outcomes
Rescore based on selected Investments
Score Capabilities Model Current State
Create Capability Map
Identify Candidate Investments
Identify and
Model Capabiliti
es
Malware Defence1. Employ automated tools to
continuously monitor 2. Employ anti-malware software 3. Limit use of external devices4. Enable anti-exploitation features5. Use network-based anti-malware
tools6. Enable domain name system
logging
Determine
Capability Outcome
s
Score Outcomes
and Capabiliti
es
Create Current State
Capability Heat Map
Identify and
Evaluate Security Investme
nts
Re-score Outcomes
and Capabiliti
es
Create Target State
Capability Heat Map
Review
The Planning ProcessIdentify
CapabilitiesModel Current State
Determine Outcomes
Rescore based on selected Investments
Score Capabilities Model Current State
Create Capability Map
Identify Candidate Investments
Questions?