For larger institutions that are developing innovative technology, introducing new technology, or bringing it in through acquisition, ensuring that information security and broader governance requirements continue to be met can be difficult. Technology teams are busy delivering, while security, architecture, and governance functions can struggle to align the work with broader strategic and operational goals.
This work sits inside transformation because the pressure is rarely abstract. It shows up in delivery, operating models, architecture, staffing, roadmaps, backlogs, and the governance demands around change.
Discovery & Analysis
First, the proposed technology or change is reviewed to determine its many impacts, focusing on:
- existing governance practices
- proposed technology and changes
- architecture
- delivery practices
- technical controls
- staffing and roles
Strategic Outputs
Any of the following are then produced to resolve governance issues and inform strategic planning:
- interim operating model
- target operating model
- changes to threat models and risk management practices
- changes to policies and procedures
- skills gap identification and resolution plan
- product roadmap integration
- backlog development for delivery of technical controls
The secret is doing, not telling.
