Microsoft released an updated version of their CISO workshop training. The CISO workshop helps accelerate security program modernization with reference strategies built using Zero Trust principles. The workshop covers all aspects of a comprehensive security program including strategic initiatives, roles and responsibilities, success metrics, maturity models, and more.
Available here: https://docs.microsoft.com/en-za/security/ciso-workshop/the-ciso-workshop?s=09
We are always looking for input for how to continue to improve it. There is a limit to what we can put into a free public resource without the people/experience to surround it with, as we want to arm and help anyone anywhere educate the business leadership and/or work with the team to assess current program state.
Nothing is ever perfect - how can we take it further to help your customer? Your business?
Definitely. Within Microsoft this is essentially an internal community effort to better support customers across the globe with the materials to drive meaningfully protective programs.On SABSA, there is potential crossover, definitely, but I don't think necessarily integrating more specific tools into the CISO workshop is immediately on the roadmap.There are of course things we do to help customers with consulting and solution oriented projects, but for many businesses, having "the toolkit" to support existing internal expertise is enough to be "the motivator" to make improvements. When you start getting more specific tools and views - SABSA, Open Group, et al - the assumptions you make about the people consuming it elevate as well. Today's toolkit makes minimal assumptions.
Always open to feedback, if you want to do so directly, wayne.anderson [@t] microsoft dt com and I can collate and pass along as its not just one person driving this but a small group across departments working on it.