So I am going to summarise some of the key things you will want to do first:
Reconnaissance / Collecting your info
- Understand your current estate (in terms of assets and how the business operates)
- Document your findings (maybe only you know)
- Ask yourself: do you know what the target state looks like? (You should have an idea.)
- Define the capabilities, requirements, tools and a strategy of how you will get there
- Do you know what ‘good’ looks like? Then you need to know how to measure that, especially for any deviations. Let the data tell the story!
- “Security is a practice” and it should be continually improving, with no destination, only improved layers of maturity.
To find out more, have a read of this blog.