2021 Security Plan Template
Template Walkthrough Guide
We built this template to empower you – the CIO/CISO/Director of Security, etc. – to effectively
communicate your 2021 security plans to management.
You have the security knowledge – the types of security events your organization encountered in the
past year, as well as the global shifts in the threat landscape. You also understand the outputs of the
security products you have in place.
By using this template, you’ll be able to map this knowledge to cost and risk terms that your
management can easily consume and understand.
The flow of the template is simple – how many resources are we currently putting into cybersecurity,
what has proven itself, and what are the gaps that we need to address – based both on the security
incidents we have encountered, as well as on general attack trends.
This copy of the template comes with mock data - be sure to remove and replace it with data from
your own environment.
Feel free to modify and adjust the template based on your specific needs. There is no one-size-fits-all in
cybersecurity. The template is purpose-built to save you the time of setting up the infrastructure. The
internal design is all yours.
What guided us in building this template was the aim to simplify, accelerate and
optimize the work of security decision makers by providing them with a ready-to-use tool
that addresses all key reporting and planning aspects, enabling them to focus their efforts
on the actual reporting, rather than spend valuable time setting up a reporting
infrastructure from scratch.
This is also the goal of the Cynet autonomous breach protection platform, which natively
integrates monitoring & control, attack prevention & detection and response orchestration,
providing security teams with all the tools they need to confront and win against the cyber
threat landscape in a single, integrated solution.
Security Services
Compliance Initiative
cost
Planned
Unplanned
Overall
… …
… …
… …
… …
… …
… …
Theft of customer data
Customers' PII (names, phone numbers and email addresses) was exfiltrated from company servers
• Post-compromise activity is a blind spot for the security products in place
• Firewall/AV failed to prevent the initial compromise
• The EDR alerts' volume surpassed the capacity of the security team. As a result, the relevant EDR alerts were not addressed

Compromised identity to O365 account
Attackers gained access to an employee's O365 account and forwarded his company emails to their premises over several weeks
• There are no security products that monitor users' email behavior
Security incident 2
ATTACK TRENDS
Description
1 …
2 …
Security Products | Add CASB solution | Get visibility into malicious activity that targets SaaS apps | $XXX
Security Services | Engage MDR to monitor EDR alerts | Outsource repetitive alert monitoring and prioritization and have the internal team focused on the actual response | $XXX
Compliance | Engage external auditor for PCI-DSS certification | $XXX
2021 Security Plan – Overall
2020 SECURITY PLANNED SPEND
Group 2020 Annual Budget 2021 Change
Security Team $xxx $xxx