5-Day Instructor-Led
The next generation of security leadership must bridge the gap between security staff and senior leadership by strategically planning how to build and run effective security programs. Yet creating a security strategy and executing a plan that includes sound policy coupled with top-notch leadership is hard for IT and security professionals because we spend so much time responding and reacting. We almost never do strategic planning until we get promoted to a senior position, and then we are not equipped with the skills we need to run with the pack. This information security course will provide you with the tools to build a cybersecurity strategic plan, an entire IT security policy, and lead your teams in the execution of your plan and policy. By the end of class, you will have prepared an executive presentation, read 3 business case studies, responded to issues faced by 4 fictional companies, analyzed 15 case scenarios, and responded to 15 Cyber42 events.
Learning Objectives
This course will help your organization:
- Create a security plan that resonates with customers
- Develop leaders that know how to align cybersecurity with business objectives
- Build higher performing security teams
Skills Learned:
- How to develop strategic security plans
- Create effective information security policy
- Understand the different phases of the strategic planning process
- Increase knowledge of key planning tools
- Cultivate fundamental skills to create strategic plans that protect your company
- Enable key innovations
- Facilitate working effectively with your business partners
- Advance security strategic plans that incorporate business and organizational drivers
- Foster and assess information security policy
- Use management and leadership techniques to motivate and inspire your team
Audience
The GIAC Strategic Planning, Policy, and Leadership (GSTRT) certification validates a practitioner’s understanding of developing and maintaining cyber security programs as well as proven business analysis, strategic planning, and management tools. GSTRT certification holders have demonstrated their knowledge of building and managing cyber security programs with an eye towards meeting the needs of the business, board members, and executives.
- Business and Threat Analysis
- Security Programs and Security Policy
- Effective Leadership and Communications
Prerequisites
While there are no prerequisites for this course, please ensure you have the right level of experience to be successful in this training.
Course Outline
- MGT514.1: Strategic Planning Foundations
Creating security strategic plans requires a fundamental understanding of the business and a deep understanding of the threat landscape. Deciphering the history of the business ensures that the work of the security team is placed in the appropriate context. Stakeholders must be identified and appropriately engaged within this framework. This includes understanding their motivations and goals, which are often informed by the values and culture your organization espouses. Successful security leaders also need a deep understanding of business goals and strategy. This business understanding needs to be coupled with knowledge of the threat landscape – including threat actors, business threats, and attacker tactics, techniques, and procedures – that informs the strategic plan.
- Strategic Planning Overview
- 30-60-90 Day Plan
- Building a plan for your leadership, your team, and for yourself
- Decipher the Business
- Historical Analysis
- Analyze the past in order to understand the probable future
- Stakeholder Management
- Learn to identify, understand, and manage stakeholders in order to make the security team more successful
- Values and Culture
- Understand the values and culture of your organization in order to align security with the corporate culture and define acceptable working norms
- Business Strategy
- Use a strategy map to understand how to align with business objectives
- Asset Analysis
- Understand assets that are most valuable to the business and are of interest to attackers
- Decipher the Threats
- Threat Actors
- Understand attacker motivations and techniques
- Review real-world attack scenarios
- Political, Economic, Social and Technological (PEST) Analysis
- Identify business threats
- Threat Analysis
- Learn how the intrusion kill chain and MITRE ATT&CK inform strategic planning
- MGT514.2: Strategic Roadmap Development
With a firm understanding of the drivers of business and the threats facing the organization, you will develop a plan to analyze the current situation, identify the target state, perform gap analysis, and develop a prioritized roadmap. In other words, you will be able to determine (1) what you do today, (2) what you should be doing in the future, (3) what you don’t want to do, and (4) what you should do first. Once this plan is in place, you will learn how to build and execute it by developing a business case, defining metrics for success, and effectively marketing your security program.
- Define the Current State
- Vision and Mission
- What they tell you about the organization
- Develop a Security Team Mission Statement that Aligns with Organizational Goals
- SWOT Analysis
- Analysis of strengths, weaknesses, opportunities, and threats (SWOT)
- Understanding of current SWOT
- Develop the Plan
- Vision and Innovation
- Sustaining versus disruptive innovation
- Jobs to be done theory
- Learning to innovate with the business
- How to provide value to stakeholders
- Security Framework
- NIST Cybersecurity Framework
- Measuring maturity
- Roadmap Development
- Gap analysis
- Security roadmap
- Business Case Development
- Approaches to obtaining funding
- Deliver the Program
- Security Metrics Program
- Developing effective metrics
- Marketing and Executive Communications
- Promoting the work of the security team
- MGT514.3: Security Policy Development and Assessment
Policy is one of the key tools that security leaders have to influence and guide the organization. Security managers must understand how to review, write, assess, and support security policy and procedures. This includes knowing the role of policy in protecting the organization along with its data, systems, and people. In developing policy, you also need to know how to choose the appropriate language and structure so that it fits with your organization’s culture. As policy is developed you must manage the entire lifecycle from approval and socialization to measurement in order to make necessary modifications as time goes on. This is why assessing policy and procedure is so important. Policy must keep up to date with the changing business and threat landscape.
- Purpose of Policy
- Role of Policy
- Establishing Acceptable Bounds for Behavior
- Empowering Employees to Do the Right Thing
- How Policy Protects People, Organizations, and Information
- Develop Policy
- Language of Policy
- Policy Structure
- Policy and Culture
- Define Requirements
- Managing Policy
- Approve, Socialize, and Measure Policy
- Assess Policy and Procedure
- Using the SMART Approach
- Policy Review and Assessment Process
- MGT514.4: Leadership and Management Competencies
This course section will teach the critical skills you need to lead, motivate, and inspire your teams to achieve your organization’s goals. By establishing a minimum standard for the knowledge, skills, and abilities required to develop leadership, you will understand how to motivate employees and develop from a manager into a leader.
- Why Choose Leadership
- Understanding Leadership
- Leadership Building Blocks
- Leadership Essentials
- Building Trust
- Servant Leadership
- Effective Communications
- Communication Process
- Active Listening
- Providing Feedback
- Challenging Conversations
- Build Effective Teams
- Creating and Leading Teams
- Learning to Delegate
- Coaching, Mentoring, and Sponsorship
- Leading Change
- Psychology of Change
- Organizational Change
- MGT514.5: Strategic Planning Workshop
Using case studies, students will work through real-world scenarios by applying the skills and knowledge learned throughout the course. The case studies are taken directly from Harvard Business School, which pioneered the case study method. The case studies focus specifically on information security management and leadership competencies. The Strategic Planning Workshop serves as a capstone exercise for the course, enabling students to synthesize and apply concepts, management tools, and methodologies learned in class.
- Creating a Presentation for the CEO
- Briefing the Board of Directors
- Creating a Strategic Plan
- Understanding Business Priorities
- Enabling Business Innovation
- Effective Communication
- Stakeholder Management