Life as a CISO

The Cybersecurity Roadmap Checklist

Regulations, risk assessments, audit recommendations, contractual requirements: projects are coming in from all directions, and your cybersecurity roadmap keeps getting longer. The real challenge is turning it into a prioritized roadmap that’s sustainable over several years. This checklist walks you through the funnel method step by step: 6 steps and 19 actions to check off, from mapping out your organization to presenting to the executive committee, including budgeting and long-term management. You’ll walk away with an action plan ready to present to your executive team.

Download the NIS 2 Guide 

This checklist will help you:

Turn a massive list of projects into a prioritized roadmap. The funnel method for making decisions based on your actual constraints: budget, skills, deadlines, and existing tools.
Secure and protect your cybersecurity budget with data-driven insights: link each project to its cost, monitor spending in real time, and support your requests with hard numbers.
Present a clear and measurable roadmap to your Executive Committee: The right metrics for the right audience (progress, compliance, risk heat map, major incidents)...

Key Points on the Checklist

The Funnel Method: From the Regulatory Framework to Prioritization Filters

Four filters to apply successively to your consolidated plan, so that you end up with only a truly sustainable path.

Involve business units and service providers without losing track of the big picture

Centralize evidence, communication, and decisions in one place, then give each contributor (HR, IT, service providers) a tailored view of what’s relevant to them, so that management no longer rests solely on your shoulders.

The metrics to present to the Executive Committee, and the most straightforward framework for management

Progress rates and budget tracking, compliance status, heatmap of gross risk versus net risk, major incidents as triggers for discussions about projects that were wrongly deprioritized.

About Tenacy

Tenacy is a cyber GRC platform designed for security teams looking to streamline their compliance processes, automate their management, and demonstrate measurable results to senior management.

More than 200 organizations in 32 countries rely on Tenacy to streamline their risk management and multi-compliance efforts (NIS 2, DORA, ISO 27001, etc.).

Find out how Tenacy can transform your organization’s cybersecurity management with a personalized demo: book your demo today.