Cyber Strategy Management – 1G. Define collaboration plan

Cybersecurity Strategy Management Framework

This article is part of the Cybersecurity Strategy Management Framework. The work on it is currently in progress. You can read more about the framework in this article.

Purpose

The purpose of developing a stakeholder collaboration plan is to align your cyber strategy with the organizational objectives and ensure strategy buy-in and efficient development of key deliverables.

Objectives

Alignment with organizational objectives
Ensure that your strategy is aligned with organizational and technology objectives. Demonstrate to senior management that it contributes to the overall success of your organization.
Efficient development of key deliverables
Ensure that all necessary deliverables are produced efficiently, with contributions from required stakeholders.
Increased strategy buy-in
Foster a sense of shared ownership among your stakeholders by involving them in creating deliverables. Improve their buy-in and commitment during implementation.
Enhanced strategy adaptability
Consider the diverse perspectives of your stakeholders. Make your strategy robust and flexible. Ensure it adapts to evolving changes in your business context.

Inputs

Stakeholder inventory
List of cybersecurity stakeholders with their characteristics, including their influence, interest, and assignment to appropriate stakeholder categories. Developed as part of “1a. Analyze cybersecurity stakeholders” activity.
Project requirements
The list of conditions related to project execution, cybersecurity strategy, or the capabilities developed or enhanced due to strategy implementation.

Activities

1. Review stakeholder tiers
Review the stakeholder tiers you assigned as part of the “1A. Analyze cybersecurity stakeholders” activity.
2. Select collaboration strategies
Identify the most suitable collaboration strategies for each of your stakeholders.
3. Prepare the plan template
Create a collaboration plan to capture and organize collaboration activities.
4. Review project activities, objectives and deliverables
Review your strategy project activities, objectives and deliverables to tailor collaboration activities.
5. Define collaboration activities
Translate collaboration strategies into concrete actions aligned with your project plan.
6. Identify required stakeholders
Identify stakeholders who should be involved in each collaboration activity.
7. Summarize collaboration plan
Summarize your collaboration plan using a previously defined template.

Review stakeholder tiers

Successful implementation of your cybersecurity strategy requires collaboration among your stakeholders. Engaging them in the strategy development process can help you to achieve the following:

Increased sense of ownership. Involving stakeholders in the process gives them a sense of ownership over the deliverables they produce together. Their emotional investment usually leads to increased engagement during strategy implementation and maintenance.

Diverse perspectives and expertise. Your stakeholders can bring varied perspectives and expertise. When considering different viewpoints while designing your strategy, you ensure it is sufficiently robust and comprehensive.

Better alignment with organizational goals. Engaging your stakeholders from the start helps ensure that your strategy aligns with your company’s broader goals and objectives. As a result, it demonstrates to your management that cybersecurity supports achieving strategic objectives while keeping the risks under control.

Feedback loop for continuous improvements. Stakeholder engagement creates a feedback loop that can continuously improve the strategy and keep it adequate and relevant.

Considering these benefits, it is crucial to understand and analyze your stakeholders effectively. We described this process in detail as part of the  “1A. Analyze cybersecurity stakeholders” activity. 

During that activity, you identified your stakeholders relevant to the cyber strategy design and classified them into the following tiers:

Players. These are key decision-makers with high power and interest, such as senior management and IT leaders. They are crucial in shaping your strategy, promoting it, and providing the necessary resources.

Context Setters. These stakeholders have power but lack interest. They may include industry groups or regulatory bodies that define regulations or market standards for cybersecurity in your industry. As a result, they can heavily impact your strategic direction.

Subjects. This tier usually includes employees, customers, and vendors. These stakeholders have legitimate concerns about cybersecurity but lack decision-making power. However, you must consider their input to understand business challenges and promote a user-centric approach.

Crowd. This tier comprises stakeholders without direct power and low interest in your strategy. It may include wider public or peripheral suppliers. They are not your primary focus, but keeping them informed about your cybersecurity posture is important from the public relations and reputational perspectives.

The tiers assigned to your inventory stakeholders are critical for defining a stakeholder collaboration plan. They help to identify the most suitable collaboration strategies based on your stakeholders’ interests and power. 

Select collaboration strategies

Building on the stakeholder analysis you have conducted earlier, you can select the right collaboration strategies. We can divide these strategies broadly into several groups, each tailored to different needs and interactions:

Partnership. This strategy involves collaborating with key stakeholders to achieve common objectives. It is characterized by shared accountability and responsibility, where you and your stakeholders contribute resources and share risks. Such partnerships are crucial for continuous cybersecurity improvement.

Participation. In this strategy, you involve your stakeholders in completing specific tasks or producing deliverables. You can engage them in the target state design workshops, defining security policies and standards or developing cyber security processes. By doing this, your stakeholders are given a say in decision-making processes. It is particularly important when specific decisions directly impact their work.

Consultation. This approach entails seeking inputs from stakeholders like cybersecurity experts, legal advisors, or regulatory bodies when working on your deliverables. It recognizes the value of their insights in shaping effective cybersecurity capabilities and can range from informal discussions to formal feedback mechanisms.

Push Communication. It is a strategy where you disseminate important cybersecurity information, such as policy updates or changes to security processes, to stakeholders like employees and customers without expecting immediate feedback. It keeps them informed and prepared but does not necessarily engage them in a dialogue.

Pull Communication. In contrast to push communication, this strategy allows stakeholders to access cybersecurity information conveniently when needed. It involves making resources like cyber strategy, supporting roadmap, process descriptions, guidelines or progress updates available on platforms that stakeholders can visit to obtain required information.

These are the most common strategies used in stakeholder management. However, if you are interested in other approaches, please refer to “AA1000 Stakeholder Engagement Standard (SES) 2015,” published by AccountAbility. It aims to establish best practices in stakeholder engagement. 

Once you understand these strategies well, you can select the most appropriate ones based on your stakeholder tiering. The following table presents rough guidelines you can use to map collaboration approaches:

Stakeholder TierCollaboration StrategyDescription
PlayersPartnershipForming strong partnerships with Players is crucial due to their significant influence and ability to drive cybersecurity initiatives.
PlayersParticipationEngaging players in decision-making processes is essential, as their insights and authority are vital for the success of a cyber strategy.
Context SettersConsultationConsulting with Context Setters ensures the cyber strategy aligns with regulatory standards and compliance requirements and incorporates strategic insights.
Context SettersPull CommunicationAllows Context Setters to stay informed about cybersecurity developments without needing continuous updates.
SubjectsParticipationInvolving Subjects in decision-making addresses their immediate cybersecurity concerns and leverages their on-the-ground insights.
SubjectsPush CommunicationKeeps Subjects informed about cybersecurity issues that affect them, maintaining awareness and preparedness.
CrowdPush CommunicationProviding general information about cybersecurity initiatives helps keep the Crowd informed.
CrowdPull CommunicationAllows those in the Crowd who are interested to seek out more detailed cybersecurity information.

These strategies, tailored to each stakeholder tier, show the importance of a balanced approach to stakeholder collaboration in cybersecurity. They not only assure effective engagement but also link back to the benefits of diverse perspectives, improved communication, and alignment with organizational goals presented in the first section of this article.

After selecting collaboration strategies, your stakeholder inventory should include the proposed collaboration approach for each stakeholder, as shown in the example below:

StakeholderStakeholder TierCollaboration Strategy
CEOPlayersPartnership
CFOContext SettersConsultation
CTOPlayersParticipation
Data Protection AgencyContext SettersPull Communication
EmployeesCrowdPush Communication
Information OwnersSubjectsParticipation

Prepare plan template

Having selected your collaboration strategies and aligned them with different stakeholder tiers, the next step is to put these strategies into action. Create a stakeholder collaboration plan template to help you systematically organize and implement your strategies, ensuring effective stakeholder engagement throughout each strategy development phase.

You can structure your stakeholder collaboration plan template as follows:

Name of the strategy development phase you are addressing.
Name of the activity in the strategy development project.
Key objectives associated with the selected project activity. We describe these objectives in each process step documented in our framework.
Key deliverables expected as a result of completing the project activity. We describe these deliverables in each process step in our framework
The type of collaboration activity required to achieve the identified objectives or produce the necessary deliverables.
The list of stakeholders who need to be involved in the collaboration activity.

By preparing this stakeholder collaboration plan template, you create a framework to guide stakeholder engagement throughout the cyber strategy development process. This structured approach ensures that every stakeholder interaction is purposeful, aligned with your objectives, and leverages the insights from your stakeholder analysis.

Review activities, objectives and deliverables

With your stakeholder collaboration plan template in place, dive into a detailed review of your cyber strategy project’s activities, objectives, and deliverables. This step ensures that your collaboration strategies are finely tuned to each aspect of your project, enhancing their effectiveness and efficiency.

Review project activities. Begin by examining each phase of your cyber strategy project. Identify the critical activities that require collaboration with your stakeholders. Refer to our Cyber Strategy Management Framework for a comprehensive list of activities within a cyber strategy development project. Understanding the requirements of each activity will guide you in determining the most appropriate collaboration approach. Select the first activity for which you need to define associated collaboration activities.

Review objectives. Next, focus on the objectives associated with the activity. They define what you aim to achieve. By reviewing these objectives, you gain clarity on what type of collaboration activity will best support their achievement. This step ensures that your collaboration is purpose-driven.

Review deliverables: Lastly, closely examine the deliverables of the activity. Understanding the nature of these deliverables is crucial for deciding how best to produce them. This examination will also help you choose the most appropriate collaboration activity for effectively producing these deliverables. 

By actively reviewing your cyber strategy development project’s activities, objectives, and deliverables, you create a solid groundwork for a collaboration plan that aligns perfectly with your project goals. 

Define collaboration activities

Following your review of the project’s activities, objectives, and deliverables, you can define specific collaboration activities. This step involves turning your overarching collaboration strategies into concrete, actionable steps. As you do this, consider several critical factors to select the most suitable activities for effective engagement:

Organizational culture. Consider the prevailing attitudes, values, and practices within your organization. Activities should align with these cultural aspects to ensure smooth adoption and participation.

Stakeholder context. Consider the specific needs, interests, and characteristics of your stakeholders, which you assessed as part of your “1A. Identify stakeholders“, “1E. Interview key stakeholders,” and “1F. Finalize context review” activities. Choose activities that align with these particulars for relevance and effectiveness.

Project timeline. Evaluate the timeline of your cyber strategy project. Activities should fit within the overall schedule, with consideration for necessary preparation and follow-up time.

Resource availability. Ensure the chosen activities are feasible within your resource constraints, considering personnel, budget, and technology.

Communication preferences. Match your activities with your stakeholders’ preferred communication channels and styles to increase their engagement. For stakeholders classified as Players, you asked about their preferences during the “1E. Interview key stakeholders” activity.

Sensitivity of information. Tailor the collaboration activities based on the sensitivity of the shared information and the associated risks.

We present the following curated list of collaboration activities to suit different stakeholder engagement strategies, particularly during cyber strategy development projects. These activities will maximize the effectiveness of your stakeholder interactions, addressing the unique needs and dynamics of each stakeholder group while considering the factors mentioned above.

Partnership

Establish teams that include members from the cyber strategy team and the stakeholder group to work on specific strategy components. These teams bring together diverse skills for cybersecurity strategy development, promoting shared responsibility and utilizing different stakeholders’ expertise effectively. Be mindful of potential inter-organizational conflicts and the complexities of managing team dynamics.
Organize workshops where you can collaboratively discuss and plan aspects of the cyber strategy. Workshops facilitate collaborative problem-solving, build trust, and align diverse viewpoints. They are ideal for brainstorming and mutual understanding, especially in target state design or roadmap development activities. They are also useful when you want to identify stakeholders’ views on specific topics or issues, obtain feedback on your initial deliverables, or agree on a way forward. However, managing diverse inputs efficiently and the significant time and resources required can be challenging.
Involve stakeholders in developing project deliverables, such as threat landscape reviews, control framework, capability models, process flows, reports or presentations, and crafting project charters or roadmaps. Co-creation fosters a deep sense of ownership and ensures outputs align closely with stakeholders’ needs and expectations.
Schedule meetings to review progress, share insights, and make joint decisions. These meetings ensure ongoing alignment and communication during cybersecurity strategy development. However, they can become routine and less effective if not managed well, and coordinating schedules may be challenging.
Conduct briefings, particularly in-person, tailored for key executives or stakeholders. These are essential for discussing confidential aspects of the cyber strategy and are supported by briefing notes or reports.

Participation

Utilize tools like Microsoft Teams or SharePoint to enhance real-time communication and collaboration, allowing stakeholders to share documents, provide feedback, and collectively work on strategy development project deliverables.
Conduct larger, open forums where stakeholders can voice their thoughts and concerns. These meetings demonstrate transparency in cybersecurity strategy development and encourage open dialogue. To be effective, participants must feel safe to raise any issues or concerns, and you need to consider them. The challenge lies in managing large groups effectively and ensuring that dominant voices do not overshadow others.
Gather small groups of stakeholders to provide feedback on specific aspects of the cyber strategy or specific deliverables. Focus groups are valuable for understanding stakeholder perceptions but might not represent the broader stakeholder population and are prone to groupthink.
Create a strategic board including key stakeholders who can provide ongoing advice and guidance. Advisory boards offer strategic direction for your project, though their decision-making can be slow and risk bias if they lack diversity.
Distribute surveys to gather stakeholders’ opinions and suggestions. Feedback surveys are efficient for collecting broad opinions, but their effectiveness depends on question quality, and low response rates can impact data validity.

Consultation

Conduct one-on-one interviews with stakeholders to gain in-depth insights and discuss cybersecurity topics. Interviews are excellent for understanding complex issues and identifying stakeholder-specific concerns. They demonstrate commitment and help build relationships, although they are time-intensive and dependent on the interviewees’ expertise and biases.
Use questionnaires to gather information from a wide and diverse range of stakeholders. They provide detailed data and are particularly useful in assessing the current state of cybersecurity. However, their effectiveness hinges on the quality and clarity of the questions posed. Long or complex questionnaires can be daunting and may lead to stakeholder frustration or disengagement, especially if respondents are unfamiliar with cybersecurity concepts. Furthermore, stakeholders might misinterpret questions, leading to lower-quality responses. To mitigate these issues, complement the questionnaires with interviews, where you can clarify questions, delve deeper into specific topics, and accurately record responses.
Organize group discussions on specific cyber strategy topics. Roundtable discussions foster equal participation and benefit from collective expertise, though reaching a consensus can be challenging, and dominant voices may overshadow quieter participants.
Set up panels comprising various stakeholders who can provide critiques and suggestions for your project deliverables. Feedback panels offer diverse perspectives and are effective for critical evaluation, though managing them to ensure constructive feedback and dealing with the time commitment of panel members can be challenging.
Engage stakeholders in consultative workshops for detailed discussions on cybersecurity. These workshops facilitate hands-on feedback, but be mindful of their resource intensity and suitability issues, especially for larger groups.

Push Communication

Send regular newsletters, updating stakeholders on the progress and developments in the cyber strategy. Newsletters can reach a wide audience but may offer limited interaction and risk information overload.
Use periodic email communications to provide key information and updates. Email updates ensure direct, personalized and timely cybersecurity communication, though they might get overlooked in crowded inboxes.
Leverage presentations to distribute important cybersecurity information effectively, using visual and verbal communication methods to resonate with the audience. You can use them to outline progress, challenges and plans.
Host online meetings to inform stakeholders about specific aspects of the cyber strategy. Webinars reach a broad audience remotely and are suitable for educating stakeholders, but watch out for potential technical issues and passive participation.
Publish podcasts as an engaging way to disseminate cybersecurity information, reaching stakeholders through a more personal and accessible medium.

Pull Communication

Create an online resource center where stakeholders can access cyber strategy information conveniently. A dedicated web portal offers continuous access to cybersecurity information but requires regular updates to maintain engagement.
Set up a dynamic FAQ section on a website, allowing stakeholders to find answers to common questions. Interactive FAQs address common queries efficiently but may not cover all stakeholder concerns.
Develop online libraries containing documents, videos, and other resources related to the cyber strategy, providing stakeholders with extensive materials for in-depth exploration.

As you select specific collaboration activities, transform your overarching strategies into concrete, actionable steps. Ensure that the description of each activity includes a clear definition of what will happen, when it will happen, and the overall approach. 

As a result of this careful selection process, you should now have the most appropriate collaboration activity or set of activities assigned to a specific project activity, as in the example below. 

Project PhaseProject ActivityObjectivesDeliverablesCollaboration StrategyCollaboration ActivityCollaboration Activity Description
1 - Horizon
  • 1e - Interview stakeholders
  • Understand stakeholder motivations
  • Identify common interests
  • Gather initial requirements
  • Horizon meeting notes
  • Partnership
  • Participation
  • Consultation
Horizon interviewsConduct 30-minute one-on-one interviews with key stakeholders to understand their motivations, identify common interests, and gather initial requirements.
2 - Target
  • 2b - Prioritize security areas
  • 2c - Define high-level objectives
  • Provide strategic direction
  • Efficiently use available resources
  • Cyber domain ratings
  • Strategic cybersecurity objectives
  • Partnership
  • Participation
Target state design workshop 1Conduct a half-day workshop to prioritize cyber security areas and define high-level objectives for cyber strategy.

Identify required stakeholders

After selecting a specific collaboration activity or set of activities, you can identify the required stakeholders. This decision is vital to ensure that your deliverables are comprehensive, include various points of view and have a buy-in of relevant stakeholders. 

To accurately identify the right stakeholders, consider these critical criteria:

Nature of project activity. Evaluate the project activity in your cyber strategy project associated with the proposed collaboration activity. Identify stakeholders with the expertise or influence needed to complete the project task, such as IT specialists for defining technical standards and legal advisors for policy development.

Objectives associated with the project activity. Determine stakeholders who can help achieve the objectives of each activity. Look for individuals with the relevant knowledge, skills, or authority. For instance, include data security professionals when designing a model for your data leakage prevention capability.

Deliverables. Choose stakeholders who can ensure each deliverable is comprehensive and meets the needs of its users, including direct users, those impacted by the deliverable, and those who can offer essential insights or validation.

Nature of collaboration activity. Match the type of collaboration activity with appropriate stakeholders. Some activities may require smaller, more focused groups, while others benefit from broader participation.

Collaboration strategies defined earlier. Align stakeholder selection with the collaboration strategies you have already chosen. This alignment ensures stakeholders are well-suited to the planned collaboration, partnership, participation, or consultation. For example, involve key decision-makers in partnership activities where you need to make significant strategic decisions.

By actively identifying the right stakeholders for each collaboration activity, you create a foundation for a cyber strategy that is technically robust and enjoys broad support and inclusivity within your organization.

You should repeat the process steps outlined in parts 5 and 6 of this article for each project activity where collaboration with stakeholders adds value. 

Summarize collaboration plan

Following the detailed steps of defining collaboration activities outlined in the previous sections, you can now turn your attention to summarizing your stakeholder collaboration plan using the template provided earlier. This summary links together the strategy development phase, project activity, objectives, deliverables, collaboration activity, and required stakeholders — all elements you defined earlier.

As you prepare this summary, consider the following:

Adopt an agile approach. Ensure your plan remains adaptable to changes in stakeholder dynamics and organizational priorities.

Update continuously. Regularly revise your plan to incorporate new insights, feedback, or changes in your project scope.

Integrate a feedback mechanism. As suggested in the stakeholder engagement process, include a tool for stakeholders to provide feedback on the collaboration, facilitating continuous improvement.

Allocate resources efficiently. Pay careful attention to allocating time, budget, and personnel for each collaboration activity to guarantee practical implementation.

Integrating these considerations into your collaboration plan summary creates a comprehensive approach to engage your stakeholders during cyber strategy definition, implementation, and maintenance. 

For a practical understanding of how different elements come together in a real-world scenario, please refer to the example of the collaboration plan provided below. This example will give you a clearer picture of how to apply the principles and strategies discussed throughout this article to create an effective collaboration plan for your cyber strategy projects.

Project PhaseProject ActivityObjectivesDeliverablesCollaboration StrategyCollaboration ActivityCollaboration Activity DescriptionRequired Stakeholders
All
  • All
  • All
  • All
  • Partnership
Advisory boardThe advisory board will meet regularly to discuss strategic direction, review project progress, and provide expert insights.
  • CEO
  • COO
  • CIO
  • CTO
  • CISO
All
  • All
  • All
  • All
  • Partnership
Strategy meetingsEstablish strategy meetings to review progress updates, resolve issues, approve changes, analyze performance, conduct future planning, review resources, collect feedback and generate ideas.
  • CISO
  • Information Security Managers
All
  • All
  • All
  • All
  • Partnership
  • Participation
  • Push Communication
SharePoint siteEstablish and maintain a SharePoint site for storing and sharing project documents and collaborative work.
  • Project Team Members
1 - Horizon
  • 1e - Interview stakeholders
  • Understand stakeholder motivations
  • Identify common interests
  • Gather initial requirements
  • Horizon meeting notes
  • Partnership
  • Participation
  • Consultation
Horizon interviewsConduct 30-minute one-on-one interviews with key stakeholders to understand their motivations, identify common interests, and gather initial requirements.
  • CEO
  • COO
  • CIO
  • CTO
  • CRO
  • DPO
  • Audit
  • Compliance
  • Head of Architecture
  • Head of Development
2 - Target
  • 2b - Prioritize security areas
  • 2c - Define high-level objectives
  • Provide strategic direction
  • Efficiently use available resources
  • Cyber domain ratings
  • Strategic cybersecurity objectives
  • Partnership
  • Participation
Target state design workshop 1Conduct a half-day workshop to prioritize cyber security areas and define high-level objectives for cyber strategy.
  • CISO
  • Information Security Managers
  • CTO
  • Head of Architecture
2 - Target
  • 2d - Define target state model
  • Define best in class security
  • Target state model
  • Partnership
  • Participation
Target state design workshop 2Conduct workshops with subject matter experts and domain owners to define cyber capability models.
  • CISO
  • Information Security Managers
  • Information Security Professionals
3 - Orientation
  • 3b - Conduct maturity assessment
  • Understand current state of cybersecurity
  • Current cyber maturity levels
  • Issues
  • Consultation
Current state assessment interviewsConduct a series of interviews to assess the maturity of cyber capabilities and identify issues and cost-saving opportunities.
  • Information Security Managers
  • Information Security Professionals
3 - Orientation
  • 3f - Define recommendations
  • Improve cyber capabilities
  • Manage risks efficiently
  • Improvement recommendations
  • Consultation
Discussions on recommendationsConduct a series of roundtable discussions to discuss the assessed maturity of cyber capabilities and the identified issues and review and collect feedback on proposed initial recommendations.
  • Information Security Managers
  • Information Security Professionals
4 - Planning
  • 4a - Identify implementation projects
  • 4b - Develop project charters
  • Manage cyber improvements efficiently
  • Project list
  • Project charters
  • Participation
Project identification and chartersCollaborate with selected stakeholders using online tools to identify existing and new projects required to achieve strategic cyber objectives and define proposed project charters, including their purpose, objectives, key deliverables and high-level resource assumptions.
  • CISO
  • Information Security Managers
  • PMO
4 - Planning
  • 4c - Develop roadmap
  • Manage cyber improvements efficiently
  • Cyber strategy roadmap
  • Partnership
  • Participation
Roadmap development workshopConduct a workshop with selected stakeholders to review the summary of the target state and required projects, prioritize these projects and develop a high-level roadmap.
  • CISO
  • Information Security Managers
  • PMO
4 - Planning
  • 4e - Obtain strategy approval
  • Ensure strategy buy-in
  • Ensure efficient implementation
  • Strategy approval
  • Partnership
Strategy approval briefingsConduct a series of informal briefings with key stakeholders on the proposed strategy and roadmap to obtain initial feedback and their support.
  • CEO
  • COO
  • CIO
  • CTO
  • CRO
  • DPO
  • Audit
  • Compliance
  • Head of Architecture
  • Head of Development
  • Key Business Process Owners
4 - Planning
  • 4e - Obtain strategy approval
  • Ensure strategy buy-in
  • Ensure efficient implementation
  • Strategy approval
  • Partnership
Strategy approval presentationPresent a final version of your strategy to your key stakeholders to obtain formal approval.
  • CEO
  • COO
  • CIO
  • CTO
  • CRO
  • DPO
  • Audit
  • Compliance
  • Head of Architecture
  • Head of Development
4 - Planning
  • 4f - Communicate strategy and objectives
  • Ensure strategy buy-in
  • Ensure efficient implementation
  • Strategy presentation
  • Push Communication
Strategy presentationConduct a series of webinars to present the strategy across the entire organization.
  • Employees
4 - Planning
  • 4f - Communicate strategy and objectives
  • Ensure strategy buy-in
  • Ensure efficient implementation
  • Strategy presentation
  • Pull Communication
Strategy sitePublish the strategy and supporting materials on the communication SharePoint site.
  • Employees
5 - Action
  • 5d - Define policies and standards
  • Implement required controls
  • Policies
  • Standards
  • Participation
Policy collaborationCollaborate with selected stakeholders using online tools to define, review and approve required policies and standards.
  • Information Security Managers
  • Information Security Professionals
5 - Action
  • 5e - Define security processes
  • Implement required controls
  • Ensure efficient process execution
  • Procedures
  • Partnership
  • Participation
Process design workshopsConduct workshops with security professionals and process stakeholders to define required cybersecurity processes, including their purpose, objectives, stakeholders, inputs, process flows, and outputs.
  • Information Security Managers
  • Information Security Professionals
  • Business Process Owners
5 - Action
  • 5i - Build user awareness
  • Increase employee awareness
  • Awareness materials
  • Awareness exercises
  • Push Communication
Cyber awarenessEstablish an e-learning platform with the cyber program to increase awareness levels.
  • HR
  • Information Security Professionals
5 - Action
  • 5j - Implement reporting
  • Identify and remediate issues
  • Improve cyber security capabilities
  • Security metrics
  • Security dashboard
  • Pull Communication
SharePoint Site - reporting sectionCreate a dashboard with metrics covering critical controls
  • CISO
  • Information Security Managers
  • Information Security Professionals
6 - Tracking
  • 6b - Manage stakeholder feedback
  • Improve cyber security capabilities
  • Improve end user experience
  • Stakeholder feedback
  • Improvements
  • Participation
SharePoint Site - feedback sectionEstablish a feedback section on SharePoint for ongoing stakeholder input and regularly review this feedback for strategy improvements.
  • Employees
  • CISO
  • Information Security Managers

Outputs

Stakeholder collaboration plan
A document that outlines how to engage various stakeholders in different phases of a strategy development project.

References

Use the following links to deepen your knowledge about this topic.

Articöes
Books
Standards
Cybersecurity Strategy Management Framework

This article is part of the Cybersecurity Strategy Management Framework. The work on it is currently in progress. You can read more about the framework in this article.