Fresh and Practical Ideas in Planning and Managing Information Security
Security is about business, not technology. The organizations should be planning and managing information security as a business capability. Just like quality, if planned and managed properly, security capabilities can also provide a competitive advantage.
In the book, Achieving and Sustaining Secured Business Operations, Neelesh Ajmani and Dinesh Kumar provide a practical framework for assessing, planning and managing security from a business perspective thus avoiding over- and under- investments for information security.
to get different results, we do things differently
Eliminate non-value costs
Reducing Cost of Compliance
with quick readiness assessments, automated projections of capability assessments across various compliance frameworks, capability planning and management
Reducing or avoiding cost of consulting
with purpose-built and readily accessible knowledgebase, dependencies, best practices, on-line assessment, analytics and roadmapping
Reducing cost of Complexity
with capability-based, service-oriented people, process, information and technology management
Mitigate or Minimize Unnecessary Risks
Understand and manage what you must prevent and protect for the desired level of interaction and collaboration between people and processes
Predictively maintain technology lifecycles with knowledge of vendor support cycles, dependencies, impact analysis, technology roadmaps and portfolio management.
Value creation is not accidental. It must be planned and managed. Plan and manage capabilities with the value flow maps for successful transformation.
Create and Sustain Business Advantage
Proactive change
Strategy Execution
Organizational Maturity
how do we do it
The Value Management Platform
Capability management
Plan and publish Business and IT capability portfolio
Assess and roadmap capabilities
Architecture Management
Communicate Standards
Identify dependencies
Evaluate and select solutions
Maturity Management
Establish KPIs
Measurecurrent state
Identify gaps and develop plans
Portfolio Management
Rationalize capability, service, technology and project portfolios
Manage risks and complexity