Security Program and Strategy

Understand and manage evolving cyber threats with confidence.

Protiviti’s cybersecurity strategy experts help organizations understand information security and privacy risks while providing creative solutions. We help our clients take a holistic business and technology view of their risk posture, and we use industry-accepted information security frameworks to evaluate current capabilities. To reduce exposures, we develop and refine security and privacy strategies, practices, and technology architectures.

Boards of directors and executives face challenges ranging from the speed of technology innovation and the dynamic regulatory landscape to evolving cyber threats, the security talent gap, and ever-changing economic expectations.

Protiviti can assess your unique environment and provide a roadmap so you can make smart cybersecurity strategy investments to serve your customers and grow your business.

Better understand and manage your organization's cyber risks

Our Cybersecurity Strategy Services

Assess Cybersecurity Risks

Understand and prioritize cyber risks based on your unique risk landscape and cybersecurity maturity.


Assess Capabilities

Leverage industry frameworks and our depth of expertise to understand current capabilities and create a roadmap towards the target security posture.


Program Benchmarking, Strategy, and Governance

Assess your organization against industry benchmarks and design a go-forward structure.


Board Communication and Reporting

We provide support for meaningful cybersecurity strategy discussions with senior leadership and the board.


Cyber Program Office

Cybersecurity risks are never static. A successful cyber program office adapts accordingly. Our team serves as an on-demand “virtual CISO” providing hands-on support, transparency, and structure to respond to changing demands.




Effective Cybersecurity is Essential as Cyber Threats Expected to Continue Over Next Decade

In today’s rapidly evolving business world, the lines between technology and business have blurred. Organizations need to modernize and transform their technology in order to successfully compete. CIOs play a critical role in transforming the world...

Don’t Bore the Board: 5 CISO Hacks for Highly Effective Presentations

Several years ago, we invited board members to speak candidly about presentations from company executives. Those free-flowing conversations more than lived up to what was billed as a “Don’t Bore the Board” panel discussion. The panel members’ engaging...


Recover: The NIST Cybersecurity Framework’s Outlier

The National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) has achieved broad adoption across a range of different industries. The NIST CSF, which allows organizations to evaluate their maturity against a detailed set of...

Understanding SWIFT’s 2021 Customer Security Programme and What the Changes Mean

Building on our guidance from 2020 on the changes to the Society for Worldwide Interbank Financial Telecommunication (SWIFT) Customer Security Programme (CSP) and Customer Security Controls Framework (CSCF), we are now sharing the revisions for 2021....

Make smart cybersecurity strategy investments

World-class security

A world-class security organization is nimble, efficient, self-improving, adaptive, and effective. Protiviti helps you maintain a cybersecurity strategy that meets your specifications and remains aligned with your business objectives.

Leading the way on cyber risk quantification

Protiviti's cyber risk quantification services, powered by the RiskLens platform, deliver a continuous, data-driven assessment of an organization's current state of cyber risk. With RiskLens, Protiviti provides cyber program risk intelligence that enables organizations around the world to effectively quantify their cyber risk in financial terms.

As the founding advisory partner to the FAIR Institute, Protiviti provides the FAIR Institute with experience, thought leadership, and sponsorship to promote the adoption and growth of FAIR.


Chip Wolford
Chip is a Managing Director in Protiviti’s Technology Consulting practice focusing on Data Security & Privacy. He presently leads Protiviti’s Data Security practice and focuses on Payment Card Industry and Healthcare Information Security as well as supporting ...
Perry Keating
Perry is a Managing Director with over 25 years helping the U.S. government, as well as aerospace, defense, and large global commercial companies, process and protect their data. Perry’s technical expertise includes cybersecurity control assessments with a variety of ...
Torin Larsen
Torin is a Managing Director with extensive experience assisting clients with complex challenges related to information security, privacy, and compliance. He helps clients build, rebuild, and improve their information security programmes, and has served as a virtual ...
Nick Puetz
Nick Puetz is a Managing Director with over 20 years of cyber experience. While focused on helping organizations design, build and mature their cybersecurity programs, Nick’s areas of expertise extend to cyber program strategy and metrics, security operations, offensive ...

CISO Next initiative

What is next for CISOs?

The CISO Next initiative produces content and events crafted exclusively for CISOs, with CISOs. The resources focus on what CISOs need to succeed. The first step is finding out “What CISO type are you?”


Case Studies

Situation: This international, not-for-profit healthcare provider operating over 60 hospitals and 350 clinics in four countries knew its high-priority business demands created issues with information security. Business leaders lost confidence in the organization’s delivery quality and ability to protect its digital assets.

Value: A long-standing relationship with Protiviti yielded significant improvements in the client’s cybersecurity capabilities, programme maturity, and risk mitigation. Critical outcomes included a 53% reduction in superfluous Active Directory (AD) groups and the standardization of AD management tool kits, a reduction in phishing campaign testing click-through and compromise failures from 15% to 7%, and a risk indicator reduction of an average of 80%.

Situation: The fast-track growth of an international financial services firm through numerous acquisitions led to security challenges.

Value: We improved the client’s security posture through standardization of patching and remediation—implemented across the enterprise—gaining real-time status on the environment. We enhanced the visibility of cybersecurity and data privacy risks across key business units.

Situation: A leading corporation in the financial services and insurance industry acquired several companies without conducting robust due diligence, neglecting to identify cyber risks and to strategize seamless integration with the existing IT infrastructure.

Value: With enhanced cybersecurity metrics, the client increased its visibility of cybersecurity and data privacy risks to internal business partners for each targeted company acquisition. The client integrated enterprise security policies and standards into the vendor procurement process to mitigate third-party risks.

Situation: An international bank wanted to define and document its three-year cyber security strategy.

Value: The bank gained a digital visualization of the control blueprint, giving users a quick snapshot of threat analysis activity and the ability to gauge the necessary actions to further reduce risk.