Using the NIST Cybersecurity Framework for Information Security Program Strategic Planning

WTC Consulting, Inc. (WTC) worked with a university client’s Information Security Office to develop a five-year information security program strategic plan. WTC first assessed the client’s information security program utilizing the NIST Cybersecurity Framework (CSF), identifying areas of strength and gaps in maturity levels and associated risks. WTC worked with the client to develop 35 initiatives to improve maturity levels in targeted security controls and planned the implementation time frames and cost requirements associated with the initiatives. WTC projected improvements to the information security program maturity levels referencing the NIST CSF.