ABSTRACT
It is a necessary and difficult challenge to plan deliberately
for information security. Short-term, 1-year-ahead planning
tends to be tactical in nature and firefighting in reality.
Strategically, organizations are charged with attempting to
plan 2 to 4 years ahead, as most chief information security
officers (CISOs) are required to provide strategic plans to
chief financial officers for budget purposes, for direct
reporting to executives and directors for cultural support,
and to internal business partners for stratifying relationships.
Both tactical and strategic planning require that
CISOs continually meet multiple challenges. Consistently,
certain challenges have reoccurred over the past 20 years: a
significant shift in the manner in which society views
privacy, a multigenerational workforce, and the rapid evolution
of technology. These challenges embrace all areas of
business, be they academia, medicine, government, environmental
science, manufacturing, etc. Although these
challenges will likely not change in the coming few
years, the nuances within each will continue to evolve.