ABSTRACT

Strategic IT Security

If you want to stay long-lived and progressive as an IT security manager, director, CSO, or CISO, you must eventually be capable of creating and marketing your company’s IT security strategy. Most of us have gotten by through many seasons of tactical fire drills solving immediate IT security problems with technical projects, some process, and just-in-time policy. The decade of just-in-time IT security solutions is past; now is the time for strategic planning and actions. Yes, the executive buzzwords of vision, mission, goals, objectives, charters, etc. are important, but in too many cases they only serve to cloud the present approach to our IT security future. So what should an appropriate IT security strategy, which usually covers a one-to-five-year agenda, encompass? Several logical and key steps are important if you are to have a chance to embed your strategic plan in the business and IT processes and culture.