Prioritization with Capability-Based Planning

Intel IT’s Information Security (InfoSec) group has adopted capability-based planning (CBP) because it provides a framework for aligning our group’s strategies with Intel’s overall business strategy. CBP helps us prioritize projects and resources, communicate more effectively with business stakeholders, reduce complexity, and become more agile and responsive to changing business needs.

CBP is a planning methodology that drives business-focused outcomes by providing a systematic, objective, and holistic view of a group’s capabilities. In our case, these capabilities center around InfoSec, such as digital identity and access management and privacy management. Using a four-phase cyclical process of alignment, assessment, planning, and management, we can:
• Determine the maturity of every capability using a precise, mathematical formula.
• Identify and prioritize gaps between the current capability maturity and the desired level of maturity.
• Create a roadmap to resolve those gaps.

This comprehensive method of capability mapping and scoring delivers a unified view of capabilities and objectives so that teams can collaborate and optimize cross-functional efficiency.

Adopting CBP has provided several benefits to the InfoSec group:
• Strengthened InfoSec strategic alignment.
• Optimized resource allocation for critical security capabilities.
• Proactive risk management.
• Enhanced security performance tracking.
• Improved collaboration for shared security.
• Responsive adaptation to third-party security frameworks.

As other Intel IT groups—and even business units—see the positive outcomes of CBP, we hope they also begin to adopt it, which would multiply the benefits across all of Intel. Furthermore, CBP has already fostered collaboration across departments and teams.

Our comprehensive method of capability mapping and a formulaic scorecard captures the strategic importance, business goal importance, capability maturity score, and quantified risk. It highlights what is required to execute initiatives successfully. Our solution addresses our longstanding InfoSec planning challenges but can also be applied to other IT groups and even other industries. Adopting CBP is an excellent way to align every decision with its strategic vision and capabilities and drive sustained enterprise success.