Master plan is the ‘end state’ Security Manager wants to reach with respect to all desired improvements & upgrades are complete/full-filled, Security is best-in class, best-fit and “perfect” in today’s risk scenarios. The definition of "best-fit Security" is very simple, which is sufficient and logical to balance all credible risks (its a myth). <Overview - how to get visibility of Security Master Plan> But as we know risks are dynamic, changing with time, reshaping and threat-actors are innovating & instituting new ways to attack, therefore “Master Plan” cannot be static. Reaching perfection is a mirage, achieving or completing master plan will never appear possible. Adversary, the bad guy will always find new path to breach, one time made & achieved master plan cannot prevent such innovated risks. So the queries arises, why we need a master plan? how to make it? How to manage master plan? The blog aimed to explain the experience of drafting, practice imp...
The blogs are for Security professionals as guidance on fundamentals and building blocks of Security