際際滷

際際滷Share a Scribd company logo

2022-security-plan-template.pptx

Download as PPTX, PDF
Eng. Ala' Zayadeen- MBA,CEH,ISO Lead Implementer, MCP
Eng. Ala' Zayadeen- MBA,CEH,ISO Lead Implementer, MCP

This document provides a template for a 2022 security plan that can be customized and used to communicate an organization's security needs and budget to management. The template includes sections for an overview of 2021 security spending and performance, key considerations from internal incidents and the evolving threat landscape, proposed changes to security resources and budgets for 2022, and an overall budget summary. The template is meant to simplify communicating security needs to management in a clear, cost-focused way.

1 of 12
Download to read offline
2022 Security Plan Template
Template Walkthrough Guide 2 We built this template to empower you the CIO /CISO/Director of Security, etc. to effectively communicate your 2022 security plans to management. You have the security knowledge the type of security events your organization encountered in the recent year, as well as the global shifts in the threat landscape. You also understand the outputs of the security products you have in place. By using this template, youll be able to map this knowledge to cost and risk terms that your management can easily consume and understand. The flow of the template is simple how many resources are we currently putting into cybersecurity, what has proven itself, and what are the gaps that we need to address based both on the security incidents we have encountered, as well as on general attack trends. This copy of the template comes with mock data - be sure to remove and replace it with data from your own environment. Feel free to modify and adjust the template based on your specific needs. There is no one-size-fits-all in cybersecurity. The template is purpose-built to save you the time of setting up the infrastructure. The internal design is all yours. 2022 Security Plan Template
How We Built This Template 3 This template is the outcome of numerous interactions with both security professionals and management decision-makers across Cynets install-base. What guided us through the process of building this template is to simplify, accelerate and optimize the work of security decision makers by providing them with ready-to-use tool that addresses all key reporting and planning aspects, enabling them to focus their efforts on the actual reporting, rather than spend valuable time in setting up a reporting infrastructure from scratch. This is also the goal of the Cynet autonomous breach protection platform (Learn more about Cynet here), which natively integrates monitoring & control, attack prevention & detection and response orchestration, providing security teams all the tools they need to confront and win against the cyber threat landscape in a single, integrated solution. 2022 Security Plan Template
Template Walkthrough Guide 4 際際滷 6 2021 Security Overview Summary of all the security spend of 2021, : planned (personnel, technology and services) unplanned (security incidents that entailed a clear monetary impact) 際際滷 7 2021 Security Performance Evaluation - Success Summary of all events in which security investment have proven effective in preventing or containing cyberattacks. Technologies - This part is materially dependent on the metadata your security products provide you with. This is important to make the case of the actual value delivered by the product. Services - quantize these by both the volume of security events that was fully or partially handled by the service provider. 際際滷 8 2021 Security Performance Evaluation - Challenges Summary of all attacks that caused damage despite the security stack in place. Event Description Point of failure 2022 Security Plan Template
Template Walkthrough Guide 5 際際滷 9 2022 Security Plan Key Considerations Summary of all improvement factors: Internal security events your organization has experienced Overall threat landscape that applies to your organization in respect to vertical, size, IT infrastructure, etc. 際際滷 10 2022 Security Plan Changes in Resource Allocation Required changes in security products, services, personnel and compliance initiatives 際際滷 11 2022 Security Plan Overall Summary of 2021-2022 differenced in security budget. 2022 Security Plan Template
2021 Security Overview 6 2021 SECURITY PLANNED SPEND Group Detail Annual Cost Security Team Security Products Security Services Compliance Initiative SECURITY SPEND SUMMARY cost Planned Unplanned Overall 2021 SECURITY UNPLANNED SPEND Incident Detail Overall Cost Ransomware attack Compromised identity to O359 account Direct damage IR provider fee 2022 Security Plan Template
2021 Security Performance Evaluation - Successes 7 SECURITY PRODUCTS Products Data Comments Firewall XXX blocked sessions NGAV XXX blocked malware attempts XXX blocked ransomware Email Protection XXX phishing emails detected SECURITY PRODUCTS Products Data Comments MSP MDR XXX critical security events prioritized and reported 2022 Security Plan Template
2021 Security Performance Evaluation - Challenges 8 SECURITY PRODUCTS Incident Description Points of Failure Ransomware attack Initial infection followed by mass automated propagation locked 67% of the companys endpoints and servers AV failed to prevent the ransomware execution Theft of customer data Customers PII (names, phone numbers and email addresses) was exfiltrated from company servers Post compromise activity is a blind spot for the security products in place FirewallAV failed to prevent the initial compromise The EDR alerts volume surpassed the capacity of the security team. As a result, the relevant EDR alerts were not addressed Compromised identity to O359 account Attackers gained access to an employee O365 account and forwarded his company emails to their premise during several weeks There is no security products that monitors users email behavior 2022 Security Plan Template
2022 Security Plan: Key Considerations 9 Internal security incidents Security incident 1 Security incident 2 Updated threat landscape High profile attack 1 High profile attack 2 The plan for 2022 is meant to raise the cyber resilience level of the organization, in light of prior security events as well as the overall threat landscape ATTACKS TRENDS Description 1 2 2022 Security Plan Template
2022 Security Plan Changes in Resource Allocation 2022 SECURITY PLANNED SPEND Group Type Purpose Annual Cost Security Team Add XXX manhours Ensure all critical alerts are handled $XXX Security Products Add CASB solution Get visibility to malicious activity that targets SaaS apps $XXX Security Services Engage MDR to monitor EDR alerts Outsource repetitive alert monitoring and prioritization and have the internal team focused on the actual response $XXX Compliance Engage external auditor for PCI DSS certification $XXX 2022 Security Plan Template
2022 Security Plan Overall 2022 SECURITY PLANNED SPEND Group 2021 Annual Budget 2022 Change Security Team $xxx $xxx Security Products $xxx $xxx Security Services $xxx $xxx Compliance $xxx $xxx 2022 Security Plan Template
THANK YOU! www.cynet.com

More Related Content

2022-security-plan-template.pptx

  • 2. Template Walkthrough Guide 2 We built this template to empower you the CIO /CISO/Director of Security, etc. to effectively communicate your 2022 security plans to management. You have the security knowledge the type of security events your organization encountered in the recent year, as well as the global shifts in the threat landscape. You also understand the outputs of the security products you have in place. By using this template, youll be able to map this knowledge to cost and risk terms that your management can easily consume and understand. The flow of the template is simple how many resources are we currently putting into cybersecurity, what has proven itself, and what are the gaps that we need to address based both on the security incidents we have encountered, as well as on general attack trends. This copy of the template comes with mock data - be sure to remove and replace it with data from your own environment. Feel free to modify and adjust the template based on your specific needs. There is no one-size-fits-all in cybersecurity. The template is purpose-built to save you the time of setting up the infrastructure. The internal design is all yours. 2022 Security Plan Template
  • 3. How We Built This Template 3 This template is the outcome of numerous interactions with both security professionals and management decision-makers across Cynets install-base. What guided us through the process of building this template is to simplify, accelerate and optimize the work of security decision makers by providing them with ready-to-use tool that addresses all key reporting and planning aspects, enabling them to focus their efforts on the actual reporting, rather than spend valuable time in setting up a reporting infrastructure from scratch. This is also the goal of the Cynet autonomous breach protection platform (Learn more about Cynet here), which natively integrates monitoring & control, attack prevention & detection and response orchestration, providing security teams all the tools they need to confront and win against the cyber threat landscape in a single, integrated solution. 2022 Security Plan Template
  • 4. Template Walkthrough Guide 4 際際滷 6 2021 Security Overview Summary of all the security spend of 2021, : planned (personnel, technology and services) unplanned (security incidents that entailed a clear monetary impact) 際際滷 7 2021 Security Performance Evaluation - Success Summary of all events in which security investment have proven effective in preventing or containing cyberattacks. Technologies - This part is materially dependent on the metadata your security products provide you with. This is important to make the case of the actual value delivered by the product. Services - quantize these by both the volume of security events that was fully or partially handled by the service provider. 際際滷 8 2021 Security Performance Evaluation - Challenges Summary of all attacks that caused damage despite the security stack in place. Event Description Point of failure 2022 Security Plan Template
  • 5. Template Walkthrough Guide 5 際際滷 9 2022 Security Plan Key Considerations Summary of all improvement factors: Internal security events your organization has experienced Overall threat landscape that applies to your organization in respect to vertical, size, IT infrastructure, etc. 際際滷 10 2022 Security Plan Changes in Resource Allocation Required changes in security products, services, personnel and compliance initiatives 際際滷 11 2022 Security Plan Overall Summary of 2021-2022 differenced in security budget. 2022 Security Plan Template
  • 6. 2021 Security Overview 6 2021 SECURITY PLANNED SPEND Group Detail Annual Cost Security Team Security Products Security Services Compliance Initiative SECURITY SPEND SUMMARY cost Planned Unplanned Overall 2021 SECURITY UNPLANNED SPEND Incident Detail Overall Cost Ransomware attack Compromised identity to O359 account Direct damage IR provider fee 2022 Security Plan Template
  • 7. 2021 Security Performance Evaluation - Successes 7 SECURITY PRODUCTS Products Data Comments Firewall XXX blocked sessions NGAV XXX blocked malware attempts XXX blocked ransomware Email Protection XXX phishing emails detected SECURITY PRODUCTS Products Data Comments MSP MDR XXX critical security events prioritized and reported 2022 Security Plan Template
  • 8. 2021 Security Performance Evaluation - Challenges 8 SECURITY PRODUCTS Incident Description Points of Failure Ransomware attack Initial infection followed by mass automated propagation locked 67% of the companys endpoints and servers AV failed to prevent the ransomware execution Theft of customer data Customers PII (names, phone numbers and email addresses) was exfiltrated from company servers Post compromise activity is a blind spot for the security products in place FirewallAV failed to prevent the initial compromise The EDR alerts volume surpassed the capacity of the security team. As a result, the relevant EDR alerts were not addressed Compromised identity to O359 account Attackers gained access to an employee O365 account and forwarded his company emails to their premise during several weeks There is no security products that monitors users email behavior 2022 Security Plan Template
  • 9. 2022 Security Plan: Key Considerations 9 Internal security incidents Security incident 1 Security incident 2 Updated threat landscape High profile attack 1 High profile attack 2 The plan for 2022 is meant to raise the cyber resilience level of the organization, in light of prior security events as well as the overall threat landscape ATTACKS TRENDS Description 1 2 2022 Security Plan Template
  • 10. 2022 Security Plan Changes in Resource Allocation 2022 SECURITY PLANNED SPEND Group Type Purpose Annual Cost Security Team Add XXX manhours Ensure all critical alerts are handled $XXX Security Products Add CASB solution Get visibility to malicious activity that targets SaaS apps $XXX Security Services Engage MDR to monitor EDR alerts Outsource repetitive alert monitoring and prioritization and have the internal team focused on the actual response $XXX Compliance Engage external auditor for PCI DSS certification $XXX 2022 Security Plan Template
  • 11. 2022 Security Plan Overall 2022 SECURITY PLANNED SPEND Group 2021 Annual Budget 2022 Change Security Team $xxx $xxx Security Products $xxx $xxx Security Services $xxx $xxx Compliance $xxx $xxx 2022 Security Plan Template