A security SWOT analysis is used to evaluate corporate security needs. SWOT is an acronym for Strengths, Weaknesses, Opportunities and Threats. For years, companies and corporations have used SWOT to evaluate and position their products or services against their competition. The SWOT analysis model can also be used or adapted to evaluate potential security threats and weaknesses against mission-critical information technology systems.
Corporations must evaluate the strengths of their information system. This includes issues such as evaluating the effectiveness of firewalls, password configuration/settings and information transfer protocols. Most "off the shelf" workplace productivity software such as Microsoft Office and Internet Explorer comes with built-in security protection. However, large corporations with multiple locations often have to go far beyond "off the shelf" solutions.
Corporations must realistically evaluate the weakness of their IT security systems. Typical weaknesses come in the form of employee security violations, employee theft and faulty information transfer protocols. Even the lack of funds can be a weakness because companies may not have the operating capital necessary to properly fix major weaknesses once discovered.
According to ITWorld.com, "opportunities are low-hanging fruit that you can't afford not to take advantage of". A good example of this is when "off the shelf" software, which is already deployed company-wide, can be adjusted to add a security fix at little to no cost. This is especially true when the fix can be implemented by the IT department without needing top management approval.
Think of threats as security attacks that originate outside of the company. The most common example is a hacker attack or a mass-distributed computer virus. Generally, it's not if, but when these threats will occur and companies must have adequate security protection against them.
Many free SWOT templates and tools are available online to help companies do a realistic SWOT assessment. Although most are oriented to a traditional competitive analysis, they can be easily adapted to perform a security SWOT analysis.