Skip to main content

Save or Share this Report

For Security & Risk Professionals

Build A Strategic Security Program And Organization

April 12, 2013

Primary author headshot


  • By Andrew Rose
  • with Christopher McClean,
  • Thayer Frechette

Why Read This Report

This report outlines Forrester's solution for security and risk (S&R) professionals looking to build a high-performance security program and organization. This report is designed to help S&R execs devise a strategic plan for their security function by understanding successful organizational structures and roles. Set against the backdrop of an increasingly complex and intimidating threat landscape, and significant increases in business expectations, the security organization has begun to realize its ambition to have a much more visible role in the organization. Years of austerity, however, mean that the business expects security to combat new threats and manage new responsibilities while maintaining a flat headcount and reducing budget. As a result, there is often a disconnect between the business' expectations and what a security organization can realistically deliver. Security organizations today must be agile and high-performing — capable of addressing a multitude of responsibilities and needs simultaneously. To help S&R pros build an effective security organization, Forrester describes the key responsibilities and provides critical advice.

Get Access

Already a Client?

Log in to read this document.

Become a Forrester Client

Customers are the new market-makers, reshaping industries and changing how businesses compete and win. Success depends on how well and how fast you respond. Forrester Research gives you insights and frameworks aligned to your role to shorten the time between a great idea and a great outcome, helping your teams win in the age of the customer. Contact us to learn more.

Purchase Report

This report is available for individual purchase ($745 USD).


Table of Contents

  • The Expectations And Requirements Of Security And Risk Have Shifted
  • Forrester's Proposed Organizational Model
  • Architecting Your S&R Org To Fit Culture And Expectations
  • Put Your Information Security Plan In Writing And Communicate It

  • Six Steps To Take In Your First 90 Days As A CISO
  • Supplemental Material
  • Related Research Documents