Hi, everyone, Scott Munden here from Huntleigh Group.

Welcome to part two in our cybersecurity series on a security roadmap.

In part one, we talked about the purpose and scope of the roadmap and then some of the things that you’re going to want to look at, including in there part two, we’re going to talk about drawing insights from your roadmap.

 And that’s going to take the form of a 90 day report, so to speak.

And it’s going to include a couple of elements. It’s going to be specific to your environment, but in general,

  • security tasks,
  • new projects, and then
  • updates to your risk register.

So for your security tasks, that could be things that you’ve completed in the way of updates to vulnerabilities or patches. It could be the rollout of a new policy that was completed for new projects, same thing. It could be the rollout of new policies that you’re intending to do in the coming period and what the status of those are, and then finally your risk register.

This is going to include updates that you’ve made that reflect potential risks with new regulatory requirements coming out or published vulnerabilities that you need to be looking at. So it’s going to take on those things that may include other topics.

And I think you’re going to have a couple of different audiences for your report. So you need to kind of layer that in terms of the audience.

  • If it’s at an executive level, I think you want to keep it simple and focus on, say, look, this is where we said we’re headed and how we’re staying safe, and this is the progress we’ve made towards that.
  • If a technical audience is there, then you can include more details, more specifics. Always be prepare to answer questions, of course, but those are some of the basics of how you can draw insights using your roadmap.

So I look forward to presenting the next subject to you. See you soon.