Use Your Research to Build a Wider Security and Risk Management Plan for the Enterprise.
[After] you have conducted the interviews, it is important to document the results from each interviewee.
Create a Matrix
The simplest way to develop your matrix is to list the names, titles and business elements to which they are assigned for all of those you have interviewed down the left side of an Excel spreadsheet, allowing for only one name in each row. Then, list the questions that were asked across the top, with one question in each column.
Going back to your interview notes, synthesize the answers for each question asked of the first individual listed on the left side of your spreadsheet. As you move across the row to the question listed in the header above each column, you will then fill in the answers provided until you have completed the results for each question, repeating the process for each individual you interviewed.
Develop Your Action Plan
As you prepare your action plan, having this type of matrix for reference will dramatically simplify your efforts. It will assist you in succinctly identifying the issues, concerns and views of your enterprise’s leadership team. The matrix ultimate provides a roadmap of leadership’s top concerns, allowing you to focus on aligning your function’s efforts with the needs of the business and target mitigation solutions. Just as important, it provides you with a frame of reference for future discussions with members of your leadership team.
Now that you have your matrix completed, review the answers provided for each question in a column. As you scan each column, start to catalogue similar answers under each column. Key topics will naturally evolve from this review. Let’s assume for a moment that you interviewed 38 people from your executive team, business unit leaders and key functions. Under question number one, you found three common issues that were of grave concern and four one-off issues of little consequence to the company. Now, develop a similar list for each remaining question and conduct the same analysis of the answers provided in each of the columns.
Once you have completed your review and analysis, you will have a comprehensive list of issues that are a priority for the leadership in your enterprise. This data will be the basis for development of your action plans. The next step on this path is to develop a plan to address these issues. Once you have created a credible plan, set up meetings with each of the individuals on your list of interviewees. As you meet with them, it is vital that you utilize your matrix to explain to them what you heard them say… they need to know that beyond just listening… you heard what they had to say. Then, share with them the results of your review and analysis and the key issues that resulted from the review as well as some of the mitigation solutions you may be able to offer to assist in dealing with these key issues. Don’t forget to ask them for their impressions and feedback to help refine your function’s efforts.
The more that you can demonstrate that your function is results-oriented and aligned with the business the greater your successes will be.
Mattice, Lynn (2017). How Security Leaders Can Gain a Seat at the Table Recovered on 6 March 2018 from https://www.securitymagazine.com/articles/88776-how-security-leaders-can-gain-a-seat-at-the-table