Feature

Security 7 Award winners tackle important information security issues

Ezine

This article can also be found in the Premium Editorial Download "Information Security magazine: Security 7 Award winners sound off on key information security issues."

Download it now to read this article plus other related content.

 

strategic planning
Prerequisite Strategy by Mark Weatherford
 

Ignore strategic planning at your own peril.
 

 

 

Mark Weatherford
  • TITLE Executive officer
  • COMPANY California Office of Information Security and Privacy Protection
  • INDUSTRY Government
  • KUDOS
    • Appointed in April to this new office by Gov. Arnold Schwarzenegger.
    • Former Naval cryptology officer.
    • Six years as Colorado CISO.
    • Proactive about data protection and governance.
    • Developed

    Requires Free Membership to View

    • a Data Governance Working Group that defined the data security lifecycle for state agencies.
    • Initiated a threat and vulnerability management program (TVMP) that reviews and tests Web applications for security issues.

  • Other initiatives:
    • Enterprise, statewide security policies
    • Critical system inventory program
    • Laptop encryption deployment
    • Incident response program
    • Outreach and training programs

 


I've spent considerable time recently pondering that mystical subject called strategic thinking. I'm not sure why it's considered mystical, but as I talk to colleagues in the public and private sectors, people roll their eyes and take on an aura of resignation when they talk about developing a Strategic Plan.

After some interesting discussions over the years, I've concluded that much of our strategic thinking efforts and subsequent strategic planning amounts to little more than brainstorming drills that happen to occur around a certain time each year. The result is typically more of a tactical plan than a real strategic vision for our security organization. Why?

Here's an interesting thought--we're in a tough business where decisions can (and do) cost a CISO his or her job, so when it comes to dividing resources between the strategic-of-the-future and the tactical-of-the-now, perhaps it's simply a personal economic decision to keep a roof over one's head and bread on the table. Maslow said it first! Can you relate?

 

 

This was first published in October 2008

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: