Digitalization Requires a Shift From Generic Security Frameworks to Business-Centric Solutions, Says Info-Tech Research Group


Info-Tech’s latest research shows that as digitalization rewrites business strategies, the need for a robust, business-aligned security program has never been more critical. With the evolution of online threats, defenses must be resilient and agile, aligning seamlessly with an organization’s core objectives and invaluable data assets.



Aug. 21, 2023

/PRNewswire/ – In an era driven by digital transformation, the significance of a robust, business-aligned security program has become paramount. As online threats evolve, so must the defenses that safeguard an organization’s assets and data. However, aligning security measures with unique business requirements is often challenging for security leaders and their teams. Recognizing the need for a shift from conventional security frameworks that focus primarily on operational controls, global research and advisory firm Info-Tech Research Group has published its latest research blueprint,

Design and Implement a Business-Aligned Security Program


Info-Tech Research Group’s “Design and Implement a Business-Aligned Security Program” blueprint outlines an approach for security leaders to renew their security program, understand business requirements for the program, identify accountabilities, and align core security capabilities to business needs. (CNW Group/Info-Tech Research Group)

“Security leaders often tout their choice of technical security framework as the first and most important program decision they make,”


Michel Hébert

, research director at Info-Tech Research Group.

“While the right framework can help take a snapshot of the maturity of a security program and produce a quick strategy and roadmap, it won’t help align, modernize, or transform the program to meet emerging business requirements.”

The firm’s blueprint explains that common security frameworks offer limited guidance on implementation and focus on operational controls over business value generation, which can be challenging to articulate to stakeholders. While a security strategy can present an overview of a program, it might not facilitate its modernization, transformation, or alignment to meet emerging business needs. Importantly, no universal security solution fits every organization, as each entity boasts its unique identity and distinguishing characteristics.

The new resource outlines Info-Tech’s recommended approach that will allow security leaders and their teams to tailor a security program that focuses on business value first and the security services that enable it. The approach phases are broken down below at a high level:

  1. Security Program Design:

    This phase will help security teams understand the enterprise strategy and goals of the organization, enabling them to define and refine the initial design of the security program.

  2. Capabilities and Accountabilities:

    In this phase, security teams will identify program capabilities and accountabilities to build strong foundations, including organizational culture and security incident response and recovery.

  3. Tailored Security Governance Input:

    This phase enables the security leaders to define the security program’s target state and build a roadmap to continue the design of the program, which includes governance, strategy, and the architectural work required to progress.

Info-Tech advises that by following this business-aligned approach, security leaders and their teams can identify what makes their organizations unique and design a security program with the right capabilities and accountabilities.

To learn more about how security leaders can design a security program with capabilities that create business value, download the complete

Design and Implement a Business-Aligned Security Program


For media inquiries on the topic or to get exclusive, timely commentary from Michel Hébert, a security and privacy expert, please contact

[email protected]


About Info-Tech Research Group

Info-Tech Research Group

is one of the world’s leading information technology research and advisory firms, proudly serving over 30,000 IT professionals. The company produces unbiased and highly relevant research to help CIOs and IT leaders make strategic, timely, and well-informed decisions. For 25 years, Info-Tech has partnered closely with IT teams to provide them with everything they need, from actionable tools to analyst guidance, ensuring they deliver measurable results for their organizations.

Media professionals can register for unrestricted access to research across IT, HR, and software and over 200 IT and industry analysts through the firm’s Media Insiders program. To gain access, contact

[email protected]


For more information about Info-Tech Research Group or to access the latest research, visit

and connect via





Info-Tech Research Group Logo (CNW Group/Info-Tech Research Group)

View original content to download multimedia:

SOURCE Info-Tech Research Group


Leave a Reply

Your email address will not be published. Required fields are marked *