Information Security Strategy
Once governance issues are addressed, but before other information security improvement work can begin, our consultants usually have to answer one of the following questions:
How do I prepare our security work?
Our answer to this question is the Information Security Strategy Framework.
This framework builds a bridge between the governance and management of information security. We align information security strategy with business objectives and IT strategy. Although we often find that no such objectives or strategies exist in a written form within a given incorporated entity, our consultants make every effort to derive the necessary information.
The technique used in creating the information security strategy is called "the strategy tree". It is an effective tool to illustrate how all the elements of business, IT and information security objectives and strategies interrelate.
The diagram below shows such a conceptual strategy tree:
Please click on the image for a larger version.
Formalising a strategy implies a sequence from analysis through procedure to action as suggested by Henry Mintzberg. According to him the essence of strategy making is the process of learning as we act. We find this rather true time and time again. It also highlight the fact that strategy creation is not a "once off" process. It needs to be repeated regularly.
Managers become more confident and more clear in understanding their business in the process of using our strategy framework. As we insist on starting from organisational mission and vision statements, they often provide valuable feedback to the business itself. This is one of the values information security managers realise when they move from tactical to strategic thinking.
Using such a framework is beneficial because it
- Enables and fosters the creation of an information security business model
- Generates cost effectiveness
- Enables strategic, tactical and operational planning concurrently
- Provides flexibility (branches of the strategy tree can expand or collapse as needed.
For relevant capabilities please read the Strategy and Performance Metric Creation sections in the Consulting category here.
If we can assist you in any ways please feel free to contact us for further information. Our consultants will be happy to assist you with your enquiry.