Cybersecurity Strategy Management Framework

This article is part of the Cybersecurity Strategy Management Framework. The work on it is currently in progress. You can read more about the framework in this article.

Purpose

The purpose of developing a stakeholder collaboration plan is to align your cyber strategy with the organizational objectives and ensure strategy buy-in and efficient development of key deliverables.

Objectives

Alignment with organizational objectives

Ensure that your strategy is aligned with organizational and technology objectives. Demonstrate to senior management that it contributes to the overall success of your organization.

Efficient development of key deliverables

Ensure that all necessary deliverables are produced efficiently, with contributions from required stakeholders.

Increased strategy buy-in

Foster a sense of shared ownership among your stakeholders by involving them in creating deliverables. Improve their buy-in and commitment during implementation.

Enhanced strategy adaptability

Consider the diverse perspectives of your stakeholders. Make your strategy robust and flexible. Ensure it adapts to evolving changes in your business context.

Inputs

Stakeholder inventory

List of cybersecurity stakeholders with their characteristics, including their influence, interest, and assignment to appropriate stakeholder categories. Developed as part of “1a. Analyze cybersecurity stakeholders” activity.

Project requirements

The list of conditions related to project execution, cybersecurity strategy, or the capabilities developed or enhanced due to strategy implementation.

Activities

1. Review stakeholder tiers

Review the stakeholder tiers you assigned as part of the “1A. Analyze cybersecurity stakeholders” activity.

2. Select collaboration strategies

Identify the most suitable collaboration strategies for each of your stakeholders.

3. Prepare the plan template

Create a collaboration plan to capture and organize collaboration activities.

4. Review project activities, objectives and deliverables

Review your strategy project activities, objectives and deliverables to tailor collaboration activities.

5. Define collaboration activities

Translate collaboration strategies into concrete actions aligned with your project plan.

6. Identify required stakeholders

Identify stakeholders who should be involved in each collaboration activity.

7. Summarize collaboration plan

Summarize your collaboration plan using a previously defined template.

Review stakeholder tiers

Successful implementation of your cybersecurity strategy requires collaboration among your stakeholders. Engaging them in the strategy development process can help you to achieve the following:

Increased sense of ownership. Involving stakeholders in the process gives them a sense of ownership over the deliverables they produce together. Their emotional investment usually leads to increased engagement during strategy implementation and maintenance.

Diverse perspectives and expertise. Your stakeholders can bring varied perspectives and expertise. When considering different viewpoints while designing your strategy, you ensure it is sufficiently robust and comprehensive.

Better alignment with organizational goals. Engaging your stakeholders from the start helps ensure that your strategy aligns with your company’s broader goals and objectives. As a result, it demonstrates to your management that cybersecurity supports achieving strategic objectives while keeping the risks under control.

Feedback loop for continuous improvements. Stakeholder engagement creates a feedback loop that can continuously improve the strategy and keep it adequate and relevant.

Considering these benefits, it is crucial to understand and analyze your stakeholders effectively. We described this process in detail as part of the “1A. Analyze cybersecurity stakeholders” activity.

During that activity, you identified your stakeholders relevant to the cyber strategy design and classified them into the following tiers:

Players. These are key decision-makers with high power and interest, such as senior management and IT leaders. They are crucial in shaping your strategy, promoting it, and providing the necessary resources.

Context Setters. These stakeholders have power but lack interest. They may include industry groups or regulatory bodies that define regulations or market standards for cybersecurity in your industry. As a result, they can heavily impact your strategic direction.

Subjects. This tier usually includes employees, customers, and vendors. These stakeholders have legitimate concerns about cybersecurity but lack decision-making power. However, you must consider their input to understand business challenges and promote a user-centric approach.

Crowd. This tier comprises stakeholders without direct power and low interest in your strategy. It may include wider public or peripheral suppliers. They are not your primary focus, but keeping them informed about your cybersecurity posture is important from the public relations and reputational perspectives.

The tiers assigned to your inventory stakeholders are critical for defining a stakeholder collaboration plan. They help to identify the most suitable collaboration strategies based on your stakeholders’ interests and power.

Select collaboration strategies

Building on the stakeholder analysis you have conducted earlier, you can select the right collaboration strategies. We can divide these strategies broadly into several groups, each tailored to different needs and interactions:

Partnership. This strategy involves collaborating with key stakeholders to achieve common objectives. It is characterized by shared accountability and responsibility, where you and your stakeholders contribute resources and share risks. Such partnerships are crucial for continuous cybersecurity improvement.

Participation. In this strategy, you involve your stakeholders in completing specific tasks or producing deliverables. You can engage them in the target state design workshops, defining security policies and standards or developing cyber security processes. By doing this, your stakeholders are given a say in decision-making processes. It is particularly important when specific decisions directly impact their work.

Consultation. This approach entails seeking inputs from stakeholders like cybersecurity experts, legal advisors, or regulatory bodies when working on your deliverables. It recognizes the value of their insights in shaping effective cybersecurity capabilities and can range from informal discussions to formal feedback mechanisms.

Push Communication. It is a strategy where you disseminate important cybersecurity information, such as policy updates or changes to security processes, to stakeholders like employees and customers without expecting immediate feedback. It keeps them informed and prepared but does not necessarily engage them in a dialogue.

Pull Communication. In contrast to push communication, this strategy allows stakeholders to access cybersecurity information conveniently when needed. It involves making resources like cyber strategy, supporting roadmap, process descriptions, guidelines or progress updates available on platforms that stakeholders can visit to obtain required information.

These are the most common strategies used in stakeholder management. However, if you are interested in other approaches, please refer to “AA1000 Stakeholder Engagement Standard (SES) 2015,” published by AccountAbility. It aims to establish best practices in stakeholder engagement.

Once you understand these strategies well, you can select the most appropriate ones based on your stakeholder tiering. The following table presents rough guidelines you can use to map collaboration approaches:

Stakeholder Tier	Collaboration Strategy	Description
Players	Partnership	Forming strong partnerships with Players is crucial due to their significant influence and ability to drive cybersecurity initiatives.
Players	Participation	Engaging players in decision-making processes is essential, as their insights and authority are vital for the success of a cyber strategy.
Context Setters	Consultation	Consulting with Context Setters ensures the cyber strategy aligns with regulatory standards and compliance requirements and incorporates strategic insights.
Context Setters	Pull Communication	Allows Context Setters to stay informed about cybersecurity developments without needing continuous updates.
Subjects	Participation	Involving Subjects in decision-making addresses their immediate cybersecurity concerns and leverages their on-the-ground insights.
Subjects	Push Communication	Keeps Subjects informed about cybersecurity issues that affect them, maintaining awareness and preparedness.
Crowd	Push Communication	Providing general information about cybersecurity initiatives helps keep the Crowd informed.
Crowd	Pull Communication	Allows those in the Crowd who are interested to seek out more detailed cybersecurity information.

These strategies, tailored to each stakeholder tier, show the importance of a balanced approach to stakeholder collaboration in cybersecurity. They not only assure effective engagement but also link back to the benefits of diverse perspectives, improved communication, and alignment with organizational goals presented in the first section of this article.

After selecting collaboration strategies, your stakeholder inventory should include the proposed collaboration approach for each stakeholder, as shown in the example below:

Stakeholder	Stakeholder Tier	Collaboration Strategy
CEO	Players	Partnership
CFO	Context Setters	Consultation
CTO	Players	Participation
Data Protection Agency	Context Setters	Pull Communication
Employees	Crowd	Push Communication
Information Owners	Subjects	Participation

Prepare plan template

Having selected your collaboration strategies and aligned them with different stakeholder tiers, the next step is to put these strategies into action. Create a stakeholder collaboration plan template to help you systematically organize and implement your strategies, ensuring effective stakeholder engagement throughout each strategy development phase.

You can structure your stakeholder collaboration plan template as follows:

Project phase

Name of the strategy development phase you are addressing.

Project activity

Name of the activity in the strategy development project.

Objectives

Key objectives associated with the selected project activity. We describe these objectives in each process step documented in our framework.

Deliverables

Key deliverables expected as a result of completing the project activity. We describe these deliverables in each process step in our framework

Collaboration activity

The type of collaboration activity required to achieve the identified objectives or produce the necessary deliverables.

Required stakeholders

The list of stakeholders who need to be involved in the collaboration activity.

By preparing this stakeholder collaboration plan template, you create a framework to guide stakeholder engagement throughout the cyber strategy development process. This structured approach ensures that every stakeholder interaction is purposeful, aligned with your objectives, and leverages the insights from your stakeholder analysis.

Review activities, objectives and deliverables

With your stakeholder collaboration plan template in place, dive into a detailed review of your cyber strategy project’s activities, objectives, and deliverables. This step ensures that your collaboration strategies are finely tuned to each aspect of your project, enhancing their effectiveness and efficiency.

Review project activities. Begin by examining each phase of your cyber strategy project. Identify the critical activities that require collaboration with your stakeholders. Refer to our Cyber Strategy Management Framework for a comprehensive list of activities within a cyber strategy development project. Understanding the requirements of each activity will guide you in determining the most appropriate collaboration approach. Select the first activity for which you need to define associated collaboration activities.

Review objectives. Next, focus on the objectives associated with the activity. They define what you aim to achieve. By reviewing these objectives, you gain clarity on what type of collaboration activity will best support their achievement. This step ensures that your collaboration is purpose-driven.

Review deliverables: Lastly, closely examine the deliverables of the activity. Understanding the nature of these deliverables is crucial for deciding how best to produce them. This examination will also help you choose the most appropriate collaboration activity for effectively producing these deliverables.

By actively reviewing your cyber strategy development project’s activities, objectives, and deliverables, you create a solid groundwork for a collaboration plan that aligns perfectly with your project goals.

Define collaboration activities

Following your review of the project’s activities, objectives, and deliverables, you can define specific collaboration activities. This step involves turning your overarching collaboration strategies into concrete, actionable steps. As you do this, consider several critical factors to select the most suitable activities for effective engagement:

Organizational culture. Consider the prevailing attitudes, values, and practices within your organization. Activities should align with these cultural aspects to ensure smooth adoption and participation.

Stakeholder context. Consider the specific needs, interests, and characteristics of your stakeholders, which you assessed as part of your “1A. Identify stakeholders“, “1E. Interview key stakeholders,” and “1F. Finalize context review” activities. Choose activities that align with these particulars for relevance and effectiveness.

Project timeline. Evaluate the timeline of your cyber strategy project. Activities should fit within the overall schedule, with consideration for necessary preparation and follow-up time.

Resource availability. Ensure the chosen activities are feasible within your resource constraints, considering personnel, budget, and technology.

Communication preferences. Match your activities with your stakeholders’ preferred communication channels and styles to increase their engagement. For stakeholders classified as Players, you asked about their preferences during the “1E. Interview key stakeholders” activity.

Sensitivity of information. Tailor the collaboration activities based on the sensitivity of the shared information and the associated risks.

We present the following curated list of collaboration activities to suit different stakeholder engagement strategies, particularly during cyber strategy development projects. These activities will maximize the effectiveness of your stakeholder interactions, addressing the unique needs and dynamics of each stakeholder group while considering the factors mentioned above.

Partnership

Shared project teams

Establish teams that include members from the cyber strategy team and the stakeholder group to work on specific strategy components. These teams bring together diverse skills for cybersecurity strategy development, promoting shared responsibility and utilizing different stakeholders’ expertise effectively. Be mindful of potential inter-organizational conflicts and the complexities of managing team dynamics.

Workshops

Organize workshops where you can collaboratively discuss and plan aspects of the cyber strategy. Workshops facilitate collaborative problem-solving, build trust, and align diverse viewpoints. They are ideal for brainstorming and mutual understanding, especially in target state design or roadmap development activities. They are also useful when you want to identify stakeholders’ views on specific topics or issues, obtain feedback on your initial deliverables, or agree on a way forward. However, managing diverse inputs efficiently and the significant time and resources required can be challenging.

Co-creation

Involve stakeholders in developing project deliverables, such as threat landscape reviews, control framework, capability models, process flows, reports or presentations, and crafting project charters or roadmaps. Co-creation fosters a deep sense of ownership and ensures outputs align closely with stakeholders’ needs and expectations.

Regular strategy meetings

Schedule meetings to review progress, share insights, and make joint decisions. These meetings ensure ongoing alignment and communication during cybersecurity strategy development. However, they can become routine and less effective if not managed well, and coordinating schedules may be challenging.

Briefings

Conduct briefings, particularly in-person, tailored for key executives or stakeholders. These are essential for discussing confidential aspects of the cyber strategy and are supported by briefing notes or reports.

Participation

Collaboration tools

Utilize tools like Microsoft Teams or SharePoint to enhance real-time communication and collaboration, allowing stakeholders to share documents, provide feedback, and collectively work on strategy development project deliverables.

Town hall meetings

Conduct larger, open forums where stakeholders can voice their thoughts and concerns. These meetings demonstrate transparency in cybersecurity strategy development and encourage open dialogue. To be effective, participants must feel safe to raise any issues or concerns, and you need to consider them. The challenge lies in managing large groups effectively and ensuring that dominant voices do not overshadow others.

Focus groups

Gather small groups of stakeholders to provide feedback on specific aspects of the cyber strategy or specific deliverables. Focus groups are valuable for understanding stakeholder perceptions but might not represent the broader stakeholder population and are prone to groupthink.

Advisory board

Create a strategic board including key stakeholders who can provide ongoing advice and guidance. Advisory boards offer strategic direction for your project, though their decision-making can be slow and risk bias if they lack diversity.

Feedback surveys

Distribute surveys to gather stakeholders’ opinions and suggestions. Feedback surveys are efficient for collecting broad opinions, but their effectiveness depends on question quality, and low response rates can impact data validity.

Consultation

Interviews

Conduct one-on-one interviews with stakeholders to gain in-depth insights and discuss cybersecurity topics. Interviews are excellent for understanding complex issues and identifying stakeholder-specific concerns. They demonstrate commitment and help build relationships, although they are time-intensive and dependent on the interviewees’ expertise and biases.

Questionnaires

Use questionnaires to gather information from a wide and diverse range of stakeholders. They provide detailed data and are particularly useful in assessing the current state of cybersecurity. However, their effectiveness hinges on the quality and clarity of the questions posed. Long or complex questionnaires can be daunting and may lead to stakeholder frustration or disengagement, especially if respondents are unfamiliar with cybersecurity concepts. Furthermore, stakeholders might misinterpret questions, leading to lower-quality responses. To mitigate these issues, complement the questionnaires with interviews, where you can clarify questions, delve deeper into specific topics, and accurately record responses.

Roundtable discussions

Organize group discussions on specific cyber strategy topics. Roundtable discussions foster equal participation and benefit from collective expertise, though reaching a consensus can be challenging, and dominant voices may overshadow quieter participants.

Feedback panels

Set up panels comprising various stakeholders who can provide critiques and suggestions for your project deliverables. Feedback panels offer diverse perspectives and are effective for critical evaluation, though managing them to ensure constructive feedback and dealing with the time commitment of panel members can be challenging.

Consultative workshops

Engage stakeholders in consultative workshops for detailed discussions on cybersecurity. These workshops facilitate hands-on feedback, but be mindful of their resource intensity and suitability issues, especially for larger groups.

Push Communication

Newsletters

Send regular newsletters, updating stakeholders on the progress and developments in the cyber strategy. Newsletters can reach a wide audience but may offer limited interaction and risk information overload.

Email updates

Use periodic email communications to provide key information and updates. Email updates ensure direct, personalized and timely cybersecurity communication, though they might get overlooked in crowded inboxes.

Presentations

Leverage presentations to distribute important cybersecurity information effectively, using visual and verbal communication methods to resonate with the audience. You can use them to outline progress, challenges and plans.

Informational webinars

Host online meetings to inform stakeholders about specific aspects of the cyber strategy. Webinars reach a broad audience remotely and are suitable for educating stakeholders, but watch out for potential technical issues and passive participation.

Podcasts

Publish podcasts as an engaging way to disseminate cybersecurity information, reaching stakeholders through a more personal and accessible medium.

Pull Communication

Dedicated web portal

Create an online resource center where stakeholders can access cyber strategy information conveniently. A dedicated web portal offers continuous access to cybersecurity information but requires regular updates to maintain engagement.

Interactive FAQs

Set up a dynamic FAQ section on a website, allowing stakeholders to find answers to common questions. Interactive FAQs address common queries efficiently but may not cover all stakeholder concerns.

Resource libraries

Develop online libraries containing documents, videos, and other resources related to the cyber strategy, providing stakeholders with extensive materials for in-depth exploration.

As you select specific collaboration activities, transform your overarching strategies into concrete, actionable steps. Ensure that the description of each activity includes a clear definition of what will happen, when it will happen, and the overall approach.

As a result of this careful selection process, you should now have the most appropriate collaboration activity or set of activities assigned to a specific project activity, as in the example below.

Project Phase	Project Activity	Objectives	Deliverables	Collaboration Strategy	Collaboration Activity	Collaboration Activity Description
1 - Horizon	1e - Interview stakeholders	Understand stakeholder motivations Identify common interests Gather initial requirements	Horizon meeting notes	Partnership Participation Consultation	Horizon interviews	Conduct 30-minute one-on-one interviews with key stakeholders to understand their motivations, identify common interests, and gather initial requirements.
2 - Target	2b - Prioritize security areas 2c - Define high-level objectives	Provide strategic direction Efficiently use available resources	Cyber domain ratings Strategic cybersecurity objectives	Partnership Participation	Target state design workshop 1	Conduct a half-day workshop to prioritize cyber security areas and define high-level objectives for cyber strategy.

Identify required stakeholders

After selecting a specific collaboration activity or set of activities, you can identify the required stakeholders. This decision is vital to ensure that your deliverables are comprehensive, include various points of view and have a buy-in of relevant stakeholders.

To accurately identify the right stakeholders, consider these critical criteria:

Nature of project activity. Evaluate the project activity in your cyber strategy project associated with the proposed collaboration activity. Identify stakeholders with the expertise or influence needed to complete the project task, such as IT specialists for defining technical standards and legal advisors for policy development.

Objectives associated with the project activity. Determine stakeholders who can help achieve the objectives of each activity. Look for individuals with the relevant knowledge, skills, or authority. For instance, include data security professionals when designing a model for your data leakage prevention capability.

Deliverables. Choose stakeholders who can ensure each deliverable is comprehensive and meets the needs of its users, including direct users, those impacted by the deliverable, and those who can offer essential insights or validation.

Nature of collaboration activity. Match the type of collaboration activity with appropriate stakeholders. Some activities may require smaller, more focused groups, while others benefit from broader participation.

Collaboration strategies defined earlier. Align stakeholder selection with the collaboration strategies you have already chosen. This alignment ensures stakeholders are well-suited to the planned collaboration, partnership, participation, or consultation. For example, involve key decision-makers in partnership activities where you need to make significant strategic decisions.

By actively identifying the right stakeholders for each collaboration activity, you create a foundation for a cyber strategy that is technically robust and enjoys broad support and inclusivity within your organization.

You should repeat the process steps outlined in parts 5 and 6 of this article for each project activity where collaboration with stakeholders adds value.

Summarize collaboration plan

Following the detailed steps of defining collaboration activities outlined in the previous sections, you can now turn your attention to summarizing your stakeholder collaboration plan using the template provided earlier. This summary links together the strategy development phase, project activity, objectives, deliverables, collaboration activity, and required stakeholders — all elements you defined earlier.

As you prepare this summary, consider the following:

Adopt an agile approach. Ensure your plan remains adaptable to changes in stakeholder dynamics and organizational priorities.

Update continuously. Regularly revise your plan to incorporate new insights, feedback, or changes in your project scope.

Integrate a feedback mechanism. As suggested in the stakeholder engagement process, include a tool for stakeholders to provide feedback on the collaboration, facilitating continuous improvement.

Allocate resources efficiently. Pay careful attention to allocating time, budget, and personnel for each collaboration activity to guarantee practical implementation.

Integrating these considerations into your collaboration plan summary creates a comprehensive approach to engage your stakeholders during cyber strategy definition, implementation, and maintenance.

For a practical understanding of how different elements come together in a real-world scenario, please refer to the example of the collaboration plan provided below. This example will give you a clearer picture of how to apply the principles and strategies discussed throughout this article to create an effective collaboration plan for your cyber strategy projects.

Project Phase	Project Activity	Objectives	Deliverables	Collaboration Strategy	Collaboration Activity	Collaboration Activity Description	Required Stakeholders
All	All	All	All	Partnership	Advisory board	The advisory board will meet regularly to discuss strategic direction, review project progress, and provide expert insights.	CEO COO CIO CTO CISO
All	All	All	All	Partnership	Strategy meetings	Establish strategy meetings to review progress updates, resolve issues, approve changes, analyze performance, conduct future planning, review resources, collect feedback and generate ideas.	CISO Information Security Managers
All	All	All	All	Partnership Participation Push Communication	SharePoint site	Establish and maintain a SharePoint site for storing and sharing project documents and collaborative work.	Project Team Members
1 - Horizon	1e - Interview stakeholders	Understand stakeholder motivations Identify common interests Gather initial requirements	Horizon meeting notes	Partnership Participation Consultation	Horizon interviews	Conduct 30-minute one-on-one interviews with key stakeholders to understand their motivations, identify common interests, and gather initial requirements.	CEO COO CIO CTO CRO DPO Audit Compliance Head of Architecture Head of Development
2 - Target	2b - Prioritize security areas 2c - Define high-level objectives	Provide strategic direction Efficiently use available resources	Cyber domain ratings Strategic cybersecurity objectives	Partnership Participation	Target state design workshop 1	Conduct a half-day workshop to prioritize cyber security areas and define high-level objectives for cyber strategy.	CISO Information Security Managers CTO Head of Architecture
2 - Target	2d - Define target state model	Define best in class security	Target state model	Partnership Participation	Target state design workshop 2	Conduct workshops with subject matter experts and domain owners to define cyber capability models.	CISO Information Security Managers Information Security Professionals
3 - Orientation	3b - Conduct maturity assessment	Understand current state of cybersecurity	Current cyber maturity levels Issues	Consultation	Current state assessment interviews	Conduct a series of interviews to assess the maturity of cyber capabilities and identify issues and cost-saving opportunities.	Information Security Managers Information Security Professionals
3 - Orientation	3f - Define recommendations	Improve cyber capabilities Manage risks efficiently	Improvement recommendations	Consultation	Discussions on recommendations	Conduct a series of roundtable discussions to discuss the assessed maturity of cyber capabilities and the identified issues and review and collect feedback on proposed initial recommendations.	Information Security Managers Information Security Professionals
4 - Planning	4a - Identify implementation projects 4b - Develop project charters	Manage cyber improvements efficiently	Project list Project charters	Participation	Project identification and charters	Collaborate with selected stakeholders using online tools to identify existing and new projects required to achieve strategic cyber objectives and define proposed project charters, including their purpose, objectives, key deliverables and high-level resource assumptions.	CISO Information Security Managers PMO
4 - Planning	4c - Develop roadmap	Manage cyber improvements efficiently	Cyber strategy roadmap	Partnership Participation	Roadmap development workshop	Conduct a workshop with selected stakeholders to review the summary of the target state and required projects, prioritize these projects and develop a high-level roadmap.	CISO Information Security Managers PMO
4 - Planning	4e - Obtain strategy approval	Ensure strategy buy-in Ensure efficient implementation	Strategy approval	Partnership	Strategy approval briefings	Conduct a series of informal briefings with key stakeholders on the proposed strategy and roadmap to obtain initial feedback and their support.	CEO COO CIO CTO CRO DPO Audit Compliance Head of Architecture Head of Development Key Business Process Owners
4 - Planning	4e - Obtain strategy approval	Ensure strategy buy-in Ensure efficient implementation	Strategy approval	Partnership	Strategy approval presentation	Present a final version of your strategy to your key stakeholders to obtain formal approval.	CEO COO CIO CTO CRO DPO Audit Compliance Head of Architecture Head of Development
4 - Planning	4f - Communicate strategy and objectives	Ensure strategy buy-in Ensure efficient implementation	Strategy presentation	Push Communication	Strategy presentation	Conduct a series of webinars to present the strategy across the entire organization.	Employees
4 - Planning	4f - Communicate strategy and objectives	Ensure strategy buy-in Ensure efficient implementation	Strategy presentation	Pull Communication	Strategy site	Publish the strategy and supporting materials on the communication SharePoint site.	Employees
5 - Action	5d - Define policies and standards	Implement required controls	Policies Standards	Participation	Policy collaboration	Collaborate with selected stakeholders using online tools to define, review and approve required policies and standards.	Information Security Managers Information Security Professionals
5 - Action	5e - Define security processes	Implement required controls Ensure efficient process execution	Procedures	Partnership Participation	Process design workshops	Conduct workshops with security professionals and process stakeholders to define required cybersecurity processes, including their purpose, objectives, stakeholders, inputs, process flows, and outputs.	Information Security Managers Information Security Professionals Business Process Owners
5 - Action	5i - Build user awareness	Increase employee awareness	Awareness materials Awareness exercises	Push Communication	Cyber awareness	Establish an e-learning platform with the cyber program to increase awareness levels.	HR Information Security Professionals
5 - Action	5j - Implement reporting	Identify and remediate issues Improve cyber security capabilities	Security metrics Security dashboard	Pull Communication	SharePoint Site - reporting section	Create a dashboard with metrics covering critical controls	CISO Information Security Managers Information Security Professionals
6 - Tracking	6b - Manage stakeholder feedback	Improve cyber security capabilities Improve end user experience	Stakeholder feedback Improvements	Participation	SharePoint Site - feedback section	Establish a feedback section on SharePoint for ongoing stakeholder input and regularly review this feedback for strategy improvements.	Employees CISO Information Security Managers

Outputs

Stakeholder collaboration plan

A document that outlines how to engage various stakeholders in different phases of a strategy development project.

References

Use the following links to deepen your knowledge about this topic.

Articöes

Books

Standards

Articöes

Books

Standards

Cybersecurity Strategy Management Framework

This article is part of the Cybersecurity Strategy Management Framework. The work on it is currently in progress. You can read more about the framework in this article.

Cyber Strategy Management – 1G. Define collaboration plan

Cybersecurity Strategy Management Framework

Purpose

Objectives

Inputs

Activities

Review stakeholder tiers

Select collaboration strategies

Prepare plan template

Project phase

Project activity

Objectives

Deliverables

Collaboration activity

Required stakeholders

Review activities, objectives and deliverables

Define collaboration activities

Partnership

Shared project teams

Workshops

Co-creation

Regular strategy meetings

Briefings

Participation

Collaboration tools

Town hall meetings

Focus groups

Advisory board

Feedback surveys

Consultation

Interviews

Questionnaires

Roundtable discussions

Feedback panels

Consultative workshops

Push Communication

Newsletters

Email updates

Presentations

Informational webinars

Podcasts

Pull Communication

Dedicated web portal

Interactive FAQs

Resource libraries

Identify required stakeholders

Summarize collaboration plan

Outputs

References

Cybersecurity Strategy Management Framework