In the days when security was thought of as only the management of logon IDs and passwords, one could argue that not much of a strategy was really needed. This function served a primarily operational role, and as long as these deliverables were met in a reasonable timeframe, the expectations were met. In today’s environment, Information Security has much greater visibility and responsibility, and cannot afford to be without a strategy that mirrors the risk appetite of the organization and supports the business objectives. Lack of a strategy will cause the security program to be based solely on the immediate occurrence of audit issues and less on the progress that is being made over a longer time horizon. As the old adage goes, if you don’t know where you are going, all roads will get you there. Security strategies help us to make security happen rather than let it happen. Without an appropriate security strategy, we might Git R done, but what we ‘git’ may not be what we want or adequately support the business needs.
