|
strategic planning
Prerequisite Strategy by Mark Weatherford
Ignore strategic planning at your own peril.
Mark Weatherford
- TITLE Executive officer
- COMPANY California Office of Information Security and Privacy Protection
- INDUSTRY Government
- KUDOS
- Appointed in April to this new office by Gov. Arnold Schwarzenegger.
- Former Naval cryptology officer.
- Six years as Colorado CISO.
- Proactive about data protection and governance.
- Developed a Data Governance Working Group that defined the data security lifecycle for state agencies.
- Initiated a threat and vulnerability management program (TVMP) that reviews and tests Web applications for security issues.
- Other initiatives:
- Enterprise, statewide security policies
- Critical system inventory program
- Laptop encryption deployment
- Incident response program
- Outreach and training programs
...
To continue reading for free, register below or login
To read more you must become a member of SearchSecurity.com
[IMAGE]
I've spent considerable time recently pondering that mystical subject called strategic thinking. I'm not sure why it's considered mystical, but as I talk to colleagues in the public and private sectors, people roll their eyes and take on an aura of resignation when they talk about developing a Strategic Plan.
After some interesting discussions over the years, I've concluded that much of our strategic thinking efforts and subsequent strategic planning amounts to little more than brainstorming drills that happen to occur around a certain time each year. The result is typically more of a tactical plan than a real strategic vision for our security organization. Why?
Here's an interesting thought--we're in a tough business where decisions can (and do) cost a CISO his or her job, so when it comes to dividing resources between the strategic-of-the-future and the tactical-of-the-now, perhaps it's simply a personal economic decision to keep a roof over one's head and bread on the table. Maslow said it first! Can you relate?
|
 |
|
