Stott and May Consulting Blog

48 key questions for a resilient cyber security Target Operating Model

Written by Jonathan McGuinness | Nov 13, 2023 2:00:00 PM

Planning for your company's operations in the coming 24 months, 36 months, or even 5 years requires a clear long-term vision. But how do you turn that vision into a tangible working model? To navigate this transformation, expert facilitation and a solid understanding of your current state are essential.

In this article, you’ll find a carefully curated list of questions to assist you in developing a comprehensive cyber security Target Operating Model (TOM). The questions are grouped into the following critical cyber security areas:

  1. IAM (Identity Access Management)
  2. IGA (Identity Governance and Administration)
  3. PAM (Privilege Access Management)
  4. CIAM (Customer Identity and Access Management)
  5. SIEM (Security Information and Event Management)
  6. SOAR (Security Orchestration, Automation and Response)
  7. SOC (Security Operations Centre)
  8. ITSM (IT Service Management)
  9. ITDR (IT Disaster Recovery)

Creating a resilient cyber security Target Operating Model (TOM)

By considering and addressing these questions, you'll be well prepared to create a robust and effective cyber security target operating model that ensures the security and integrity of your organization's systems and data.

IAM - Identity Access Management

  1. What is our current approach to managing user identities and access permissions within the organization?
  2. How can we enhance user authentication and authorization processes to ensure better security?
  3. Are there specific role-based access control policies we need to implement?
  4. How do we plan to address user lifecycle management, including onboarding, changes, and offboarding?
  5. What technologies or tools do we need to improve IAM practices?

IGA - Identity Governance and Administration

  1. How do we currently govern and administer user identities and their associated permissions?
  2. Are there clear policies and procedures in place for managing user access?
  3. What methods do we use for certification and attestation of user access rights?
  4. How do we ensure compliance with regulatory requirements related to identity management?
  5. What technology solutions and tools can enhance our IGA capabilities?

PAM - Privilege Access Management

  1. How are we currently managing and monitoring privileged access to critical systems and data?
  2. What measures can we take to secure privileged accounts and reduce the risk of unauthorized access?
  3. Do we have a strategy for auditing and reviewing privileged access?
  4. What automation and integration efforts can improve PAM for our organization?
  5. How do we plan to train and educate employees on the importance of PAM practices?

CIAM - Customer Identity and Access Management

  1. How are we currently managing customer identities and access to our online services?
  2. What measures can we implement to enhance the security of customer accounts and personal data?
  3. How do we balance user convenience with security in our CIAM practices?
  4. Are there privacy compliance considerations (e.g., GDPR) that we need to address?
  5. What improvements can we make to streamline the customer registration and authentication processes?

SIEM - Security Information and Event Management

  1. How are we currently monitoring and analyzing security events and incidents?
  2. What sources of security data are we collecting, and how can we optimize data ingestion?
  3. Do we have effective incident detection and response workflows in place?
  4. What integration efforts can improve our SIEM's effectiveness?
  5. How often do we review and update our SIEM configurations and rules?

SOAR - Security Orchestration, Automation, and Response

  1. What security processes and tasks can be automated to improve incident response times?
  2. Do we have a centralized incident response platform, and how can it be optimized?
  3. Are there specific security use cases that could benefit from orchestration and automation?
  4. How can we integrate SOAR with our existing security tools and systems?
  5. What metrics do we use to measure the effectiveness of our SOAR capabilities?

SOC - Security Operations Centre

  1. What is the current structure and function of our Security Operations Centre (SOC)?
  2. How do we handle security incidents, and what is the escalation process?
  3. Are there gaps in our SOC's capabilities, and how can we fill them?
  4. What skillsets and training do our SOC personnel need to stay effective?
  5. How do we ensure 24/7 monitoring and response coverage for security events?

ITSM - IT Service Management

  1. How do we incorporate cyber security considerations into our IT service management practices?
  2. Are there specific incident and change management processes that need to be aligned with security?
  3. What role does ITSM play in supporting the overall cyber security strategy?
  4. How do we prioritize and respond to security-related service requests?
  5. How can we improve collaboration between ITSM and cyber security teams?

ITDR - IT Disaster Recovery

  1. Do we have a comprehensive IT disaster recovery plan in place, and when was it last updated?
  2. How do we identify critical IT systems and data that need to be prioritized in recovery efforts?
  3. What is the RTO (Recovery Time Objective) and RPO (Recovery Point Objective) for our critical systems?
  4. How do we test and validate our ITDR plan regularly to ensure its effectiveness?
  5. What roles and responsibilities are defined within our ITDR plan, and how do we ensure clear communication during a disaster event?
  6. What offsite backup and data replication strategies are in place to safeguard critical data?
  7. How do we coordinate ITDR efforts with other aspects of cyber security and incident response?

In summary

Improve your company's security posture with the expertise of seasoned professionals. Wherever you are in your journey, Stott and May Consulting provide a range of services to support organizations in making technology transformation more productive.