Goal: Establish the prerequisites necessary for the proper implementation of the information security program.
  1. Alignment with Business Missions & Objectives
  2. Stakeholder Buy-In
  3. Executive Sponsorship
  4. Business Case
  5. Budget Authority
  6. Steering Committee
  7. Roles & Responsibilities
  8. Managed Security Service Providers (MSSPs)
  9. Cyber Insurance
  10. Cybersecurity Project Management
  11. Capacity Planning
  12. Requirements Gathering
  13. Network & Computer Hardware Upgrades
  14. Reviewing & Upgrading Operating Systems
  15. Refresh Cycles
  16. Communication Channels
  17. Maintenance Windows & Blackout Periods
  18. Staging Environment
  19. Scope Statement
  20. Program Charter
  21. Security Roadmap
  22. Metrics & Key Indicators