Development of IT security strategy roadmap and execution framework

Service: Execution projects
Sector: Other
Area of expertise: Cyber Security

THE SITUATION

Denmark’s largest railway company had completed a series of analyses, which concluded that its current IT security level was low compared to similar businesses and therefore had to be raised because of the NIS Directive adopted by the EU. One specific analysis also suggested a series of remediation activities to increase the reported maturity level. The client needed to develop and communicate actionable IT security aspirations and projects. Hence, the purpose of the IT security strategy roadmap and execution framework was to provide a basis for communication and direction for improving the company's IT security level.

WHAT WE DID

First, Kopenhagen Konsulting analyzed the material provided by the client. This established a solid understanding of previous activities and gave context to the work ahead. The currently approved activities were compared against best practice, which resulted in the addition of new activities deemed necessary for the success of the overall aspirations and in changes to the sequence of the set activities.

Second, Kopenhagen Konsulting created a new roadmap based on the NIST framework (Identify, Protect, Detect, Respond, and Recover) and mapped each activity to the framework's categories. This simplified the conversation with non-IT personnel due to the uncomplicated nature of the framework.

Third, Kopenhagen Konsulting kept the client informed of any changes and updated the roadmap in three separate steps to ensure that the client was on board before progressing. Additional features such as a comment section and interactive zooming were added as well.

THE OUTCOME

This exercise also included framing the activities in a narrative that could be easily communicated to the steering committee and other stakeholders, resulting in better stakeholder management and increased buy-in from all client staff.