Optimization of a control to a chosen outcome against threat sophistication

A deep dive into a particular control, or family of controls, that needs to be expanded, bettered, or implemented, with a comprehensive development, operational, and business plan to do so.

Optimize does this by leveraging people/skills, technologies, vendors, intelligence, processes, into an integrated and lean operational frame-work that is strategically aligned to risk and business goals.

5. You gain the executive reporting framework to:

track the control’s contribution to the overall protection goal

evidence progress and

 

capability improvement

Protection Goal

4. You gain advice on how to

 

 

 

 

 

 

 

integrate the control into:

Control

 

 

threat surface frameworks

 

 

Integration

 

 

predict, prevent, detect,

 

 

 

 

 

 

respond frameworks

 

 

 

capability hierarchy frameworks

 

 

 

 

 

 

3. You gain the roadmap to

Security

optimize performance for:

asset lifecycles

Capability

threat surfaces

delivery models

2.You gain the roadmap to optimize

performance in the domains of:

Management

intent (i.e. goals and strategy)

design (i.e. resource requirements) Capability

operation (i.e. use of skills, partners, technology)

assurance (i.e. KPIs and reporting)

Financing

1. You get the tailored, multi-year business case and operational plan that:

justifies appropriate funding

sets expectations for results

Unbalanced Investment Underperforms

100

 

Integration

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Capability

 

 

 

 

 

 

 

80

 

 

High

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

60

 

Security

 

 

 

 

 

 

 

Status

 

EFFECTIVENESS

 

 

 

 

 

 

Quo?

 

Capability

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

40

 

 

 

 

 

 

 

 

 

20

 

 

Low

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Management

 

 

 

 

 

 

 

0

 

Capability

 

 

 

 

 

 

 

 

 

 

 

Low

EFFICIENCY

High

 

 

 

 

 

 

 

VS

Maximizes Value From Investment

Eectiveness Target

 

 

Integration

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Amount

 

Capability

High

 

 

 

 

 

 

 

Security

EFFECTIVENESS

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Capability

 

 

 

 

 

 

 

 

 

Management

Low

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Capability

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Phase 1

Phase 2

Phase 3

 

Low

EFFICIENCY

High