Yes! Cyber insurance does influence the security roadmap. Research into cyber security in 2011 showed that this requirement would become an important factor in the security posture of an organisation. In Picture 1, each requirement represents a specific business need. To satisfy the requirement, a feature of a vendor's product is utilised. To implement the feature, capital expenditure (CAPEX) and operational expenditure (OPEX) should be taken into consideration. For example, if the latest software version is a requirement by the customer, then the estate will have high CAPEX costs; in addition, if it is specialist software, then higher OPEX administration costs are usually seen in runtime/BAU environments.


To know which features to utilise, the product is typically introduced into the environment for a temporary period to see what value the features would give in a real-time environment. After the trial period, the vendor would typically support a full deployment. To maximise the use of the product, a design workshop might take place. The workshop discusses many design scenarios, and the product deployment architecture finally selected is the one that gives the maximum return from the features selected to satisfy the requirements. Typically, at this point the solution is finalised by way of a High Level Design (HLD) document being created. The HLD solidifies the business case for the spend on the product as it shows what value the customer will receive. As the HLD contains a project deployment schedule, it is often used to support the purchase of the product. Soon after, a Low Level Design (LLD) is created which specifies how the pragmatics of the product will be implemented and monitored; the LLD typically includes a technology definition and implementation schedule of each component, including specific details on how it will be configured.


I have found that defining each feature within the LLD as a requirement helps scope what specific roles and responsibilities will be required and also serves as the foundation of the statement-of-works-requirements that are typically issued to the vendor to deploy the product instance. Using the LLD in this way also makes the process of integrating into compliance environments like ITIL/SABSA far quicker and a lot simpler; you know exactly what business function each feature will support and how to implement and maintain its operation.


In the more tech-savvy enterprises, we find that infrastructure-as-a-service allows us to simply ‘click’ each feature required and it's instantly implemented. With real-time drivers needing different features and functionality, which allow technology innovations to efficiently execute features and functionality that preserve CAPEX and OPEX needs, security roadmap design is a progressive skill that will constantly be utilised.