Show Filters

Top Results

Security Operating Model Design and Implementation

At a Glance

Designed Operating Model

Designed and implemented new security operating model

Improved Transparency

Improved transparency of security cost allocation and overall risk reduction

Modernized Security Controls

Worked with the client to harmonize and modernize over 800 archaic security controls into 25 enterprise-wide policies


A large U.S. energy company needed to standardize cybersecurity and become more transparent and deliberate in their methodology for securing the enterprise. External and internal pressures were requiring greater transparency of risk reductions and allocation of security costs.


  • Codified organization’s vision, core behaviors, and critical stakeholders  
  • Organized the security work into functions with a cross-functional team
  • Identified owners of functions to codify the purpose, scope, and outcome as well as metrics for measuring and sustaining security vision
  • Established roles and responsibilities and conducted training to ensure the security leaders could provide the necessary governance and oversight to ensure the security posture of the enterprise
  • Designed a corrective action program to track remediation items identified through periodic oversight and self-assessments  
  • Worked with the organizational leadership to develop a gap-based business plan and formalized a methodology for assessing its periodic progress
  • Identified and trained embedded security leaders from distributed business units to regularly participate in security assessments


  • As a result of moving to the proposed security operating model, the client harmonized and modernized more than 800 archaic security controls into 25 enterprise-wide policies
  • Improvements created standardization in process and cost effectiveness, allowing the client to have greater transparency of security cost allocation and risk reduction
  • ScottMadden designed and implemented a security operating model 

Related Insights

Let’s Work Together

We don’t solve problems with canned methodologies. We help you solve the right problem in the right way. Our experience ensures that the solution works for you.