Hi everyone, Scott Munden here from Huntleigh Group.
Welcome to part three in our cybersecurity series on the security roadmap.
In part three, we’re going to talk about the difference between a security roadmap and a WISP, which is a written information security plan.
To keep it simple, we kind of broke that into four categories:
- focus,
- purpose,
- content, and
- audience.
So to start with the focus, the roadmap is really kind of your organizational strategy and vision, kind of the future direction of your security posture, whereas the WISP is more of an operational plan, more detailed.
In terms of purpose, again, the roadmap is really a guide to achieving your security objectives over time, versus the WISP, which is really kind of establishing clear standards; it’s really the manual for your security practices.
For content, the roadmap is going to include some timelines, resource allocation, and your priorities. It’s really more about long term vision versus the WISP, which is going to get more detailed into roles and responsibilities and defining some protocols for responding to incidents.
Finally, on the audience, your audience for the roadmap is kind of that internal strategic planning. It’s also used to communicate that strategy to stakeholders. Whereas the WISP is really aimed at employees, including the IT staff. Sometimes it’ll include external auditors and regulators.
So that’s a brief description of the differences between a roadmap and a written information security plan.
I’ll look forward to delivering the next sequence. We’ll see you soon.