Strengths - Weaknesses - Opportunities - Threats - SWOT
Many information security organizations struggle with creating a functional program that follows business requirements and stays true to business intent. Treadstone 71 can lead you through the process of performing a Strengths, Weaknesses, Opportunities and Threats (SWOT) analysis of your strategy and program. We will train your staff on how to perform a SWOT, execute the SWOT using existing program information, audit findings, policies, procedures and regulations.
Example areas of the SWOT are:
Strengths lists the most effective security aspects of your security program, for example regularly updated and current policies that are well communicated and followed. Improvements to the Department’s security posture can be accomplished by building upon these strengths.
Weaknesses outlines those aspects of your security program that put your organization at risk, for instance improperly configuration systems and devices, lack of well-defined procedures, ad-hoc entitlement review processes for remote access. These aspects of the program system should be improved.
Opportunities describes factors that can help improve your security program and overall posture. This might be the availability of security training funds for developers, or the implementation of a monitoring tool that was never deployed or not fully deployed that can greatly contribute to continuous monitoring. Items in this cell might be low-hanging-fruit--easy wins that can improve your overall security posture.
Threats highlights factors that magnify the adverse effects of your program weaknesses. For instance, your program may be subject to fine-imposing regulations, or may possess weak change management practices that lead to improper configuration management and a lack of asset management tracking. The improper configuration may also be a result of inappropriate access outside of release management windows.
You will walk away from this effort with an understanding of how to perform a SWOT; how to author and execute a security program plan, prioritized roadmap and how to deliver an effective communications plan that includes awareness and training.
Contact us now to get started on building a plan that gets the right people involved at the right time for the right reasons.