Created by the Security Executive Council
The importance of having an effective strategic plan or equivalent is universally accepted. Identifying the goals for the Security function and developing a plan to achieve those goals is necessary to define priorities. More important, a strategic plan provides an opportunity to ensure alignment with business objectives.
In this 2016 Security Barometer, we set out to investigate Security’s strategic planning process, including what is going into the strategic plans and what the ultimate purpose of the plans is.
Are Strategic Plans Standardized Within Organizations?
Each organization will have its own models regarding how strategic plans are published and communicated (or even if they are required or not). It depends on the culture of the organization as well as the expected role of the Security team. The results of this Security Barometer appear to indicate that roughly the same number of organizations use standardized or templated plans as those that don’t.
How are Strategic Plans Used?
Whether they are used to influence senior management or to codify senior management’s desires, strategic plans should ultimately be used to guide decision making within the team. Clearly the worst thing to happen with strategic plans is to spend time to create them and then have them ignored. Unfortunately, almost 20% of respondents in the survey felt their strategic plans were ignored or rejected, and only 34% were using their strategic plan to influence management.
What is Included in the Strategic Plan?
The actual elements that go into a strategic plan are usually determined by the organization’s culture. Try to obtain examples of strategic plans from other functional areas within your organization before searching externally, since these likely will help indicate what your senior management expects.
The following provides some insight into the prevalence of strategic plan elements with this survey cohort.
The Security Executive Council is made up of successful organizational security executives with extensive experience creating and communicating security strategic plans. Contact us to find out how to tap into our body of knowledge