Episode 198 - Building a Security Strategy Part 1


Manage episode 181648485 series 12330
By Discovered by Player FM and our community — copyright is owned by the publisher, not Player FM, and audio streamed directly from their servers.

Episode 198 – Building a Security Strategy – Part 1

Strategy is the hardest thing a CISO will do in their career...except if they have to explain a massive breach…

  1. What is a Strategy?
    1. What’s the difference between a strategy and a policy?
      1. A policy is binding statements
      2. A strategy is thought out planning
      1. A list of tech you want to buy
      2. A remediation plan that follows an audit/assessment
      3. A continued justification for the way you’ve always done things
      4. The stuff your favorite vendor told you needs doing
    2. What a strategy isn’t…
      1. Based on the needs and desires of the org and its senior leaders
      2. Culturally relevant
      3. A guide to where investment (money and people) need to be made
      4. Balanced between boldness and reassurance
      5. Built on a set of capabilities that map to business success criteria
    3. A strategy is…
    1. Creates a consistent frame of reference for talking about the program
    2. Helps senior leaders understand the where/why of the investments
    3. Lays out a connected story for CFOrg to make budget less hard
    4. Provides a decision-making framework that enables effective choices
  2. Why do you want one?
    1. Understand the business of your Business
    2. Know who your stakeholders really are
    3. Capability = (Tech + Service) * Process
    4. Crawl, Walk, Run
    5. It Takes A Village
  3. How do I make one?

In our next episodes we’ll break down each of the steps and talk more about strategy…

139 episodes available. A new episode about every 23 days averaging 28 mins duration .