Strategic Planning

Many security leaders struggle to decide how to best to prioritise their scarce information security resources

The need to move from a reactive approach to security towards a strategic planning approach is clear. The path to getting there is less so.

african coworkers in the office 2022 09 06 15 36 11 utc

Build an information Security Strategy

Create value by aligning your strategy to business goals and business risks

Impact and Results

The most successful information security strategies are:

  • Holistic: they consider the full spectrum of information security, including people, process, and technology.
  • Risk aware: they understand that security decisions should be made based on the security risks facing their organisation, not just on “best practice.”
  • Business aligned: they demonstrate an understanding of the goals and strategies of the organisation and how the security program can support the business.

We use a highly effective approach to building an information security strategy, an approach that has been successfully tested and refined for more than seven years with hundreds of different organisations:

This approach includes tools for:

  • Ensuring alignment with business objectives.
  • Assessing organisational risks and stakeholders expectations.
  • Enabling a comprehensive current state assessment. 
  • Prioritising initiatives and building out a security roadmap.

Workshop: Build an information Security Strategy.

We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

smiling young african american professionals discu 2022 05 30 22 31 57 utc scaled 1

Stage 1: Assess security requirements

The Purpose

Understand business and IT strategy and plans.

Key Benefits Achieved

Define security obligations, scope, and boundaries.


- Security obligations statements.
- Security scopes and boundaries statements.
- Define risk tolerance level.
- Risk assessment and pressure analysis.

Stage 2: Perform the Gap Analysis

The Purpose

Define the information security target state

Key Benefits Achieved

Set goals and initiatives for the security strategy in line with business objectives.


- Information security target state
- Security current state assessment
- Initiatives to address gaps

Stage 3: Complete the Gap Analysis

The Purpose

Continue assessing current security capabilities.

Key Benefits Achieved

Identification of security gaps and initiatives to bridge them according to the business goals.


- Completed current state assessment
- Task list to address gaps
- Initiatives list to address gaps
- Prioritise criteria

Stage 4: Develop the Roadmap

The Purpose

Create a plan for your security strategy going forward.

Key Benefits Achieved

Set path forward to achieving the target state for the business through goal cascade and gap initiatives.


- Information security roadmap
- Draft communication deck

Stage 5: Communicate and Implement

The Purpose

Finalise deliverables.

Key Benefits Achieved

Consolidate documentation into a finalised deliverable that can be used to present to executives and decision makers to achieve buy-in for the project.


- Security strategy roadmap documentation.
- Details of Jacana IT Solutions resources against individual initiatives.

It is not a matter of if you have a security incident, but when. Organisations need to prepare and expect the inevitable security breach