Using SWOT Analysis to Create InfoSec Strategy

SWOT (Strengths, Weaknesses, Opportunities, Threats) analysis is an industry-standard way of analyzing a current situation (marketing, business strategy, risk assessment, etc.). In many cases, SWOT analysis provides the foundation for creating a business strategy. Following is a short description of how we can use it as a tool for creating InfoSec strategy and for executive briefings.

Following is a sample SWOT analysis for a security organization. While this is a reasonable template for performing a SWOT analysis, one may have to make some changes and tweaks to make it suitable for a specific organization.


Note that opportunities may include items that can be implemented in the short term and that may utilize existing investments in technology or processes.

Using SWOT Analysis Tools for Executive Briefing

Typically, the SWOT analysis chart can be reviewed by the key InfoSec leaders to identify different items and put them into the appropriate categories (internal vs. external, or helpful vs. harmful). Once the SWOT analysis is complete, it can also be used as a tool for executive briefings and to explain InfoSec strategy to corporate leadership.

