We also discussed that the stakeholders have an integral part in improving the security of the organization. We can influence stakeholders through customized information security reporting to fix issues. To enable them to do that, they would have to follow a change management process that is typically run by IT operations. With the continuous reassessment of threats that may impact the environment, the information that is updated in the change management process would allow us to have a view of how the stakeholders are addressing reported issues. This is reflected on the threat intel dashboard and also fed into security state analysis. This enables further analysis inputs for the overarching intelligence cycle of the organization at the strategic and tactical levels.

What makes this phase unique is that the data being produced from each information security team (even integrated reports) is being presented to the stakeholder for action. Multiple reports, for multiple findings, from multiple services equals confusion on where to start, which equals burnout and frustration: