In many organisations, there is a natural tendency to buy and implement the latest and greatest tool. There’s no doubt that it is important to keep up with the ever-changing technology landscape, but Information security projects (and technology projects, for that matter) often fall at the last hurdle – service design and transition.
For example, we have seen enterprise-grade Data Loss Prevention (DLP) and Privileged Access Management (PAM) tools installed successfully, only for these tools to sit on the shelf six months later. This is typically due to undocumented processes or inadequate staff expertise on how to properly maintain the tools.
Tip One – Set a realistic project budget
The first place to start is to ensure your project budget includes service design and transition. There’s no point spending thousands of pounds on a new fancy tool, only for the operational teams to not know how to use it. At a minimum, ensure that 15% of your project budget is allocated to target operating model definition and service transition. This should include documenting operating procedures, conducting training and issuing communications. You will need to allocate more than this if there will be wide-reaching implications or organisational culture changes required.
Tip two – Continue to invest in people
Operational or BAU budgets should allow for maintenance and upgrades of tools, and investment in people and processes. It’s sometimes all too easy to fall into the trap of relying on the one or two superstars in your team that seem to know how to do everything. But what happens when they (inevitably) leave? Invest in knowledge management systems, cross-skilling, and training of junior staff.
Don’t be afraid to revisit the target operating model over time. What worked before may no longer be fit for purpose if your organisation’s structure or strategy has changed.
Don’t forget to invest in continuous training and communications with the wider IT or business community, as appropriate. Consider weaving important awareness messages into the new user onboarding process.
Tip three – Ensure good hygiene
Ensure your operational documentation (such as the detailed design document, procedures, or processes) is maintained and followed. This ensures you have consistency across your environment, which has broader benefits than you might realise. For example, license true-ups, investigations, and audits are that much easier when controls are applied consistently.
Develop metrics to measure how well your new security capability is working and managed.
The tips listed above focus on the non-technical aspects of ensuring the security capabilities you implement are maintained and sustained. However there are other considerations that need to be considered to improve the success rate of your cyber project. For more advice on ensuring success for your cyber security transformation, why not take a look at our other blogs and articles.
If you would like to discuss how your cyber security transformation outcomes could be improved, why not contact us on +44 203 603 4733 or email us at info@three-two-four.com.
If you enjoyed this blog then why not read our ‘How can I stop our Data Loss Prevention project from failing’ blog
