ABSTRACT
Evaluation of the prior security incidents can be of great value in developing an information security strategy. John Kotter best summarized the process of strategy by stating, “Leaders establish the vision for the future and set the strategy for getting there.” The more planned the strategy is, the more likely that the strategy will be one that meets the needs of the business and is properly aligned with the business strategy. Before developing the security strategy, the person responsible for developing the strategy needs to understand the organizational past experiences with cybersecurity. Most board of directors want to know how the security strategy and investment compares with the strategy of their competitors. The strategy needs to consider the emerging threats in building the security strategy. When developing an information security strategy, it may appear that the costs for a solution may be cost prohibitive when the strategy is initially developed.
