EH-Net

Topic started by: dimo on January 13, 2011, 03:47:17 AM



Title: IT Strategy Document
Post by: dimo on January 13, 2011, 03:47:17 AM
Hi There,
I'm looking for one of these as our group company has asked all its minor companies to create one. Would anyone have a good example of one or a relevant template?
tks
dimo :-\


Title: Re: IT Strategy Document
Post by: Andrew Waite on January 13, 2011, 05:29:17 AM
Not wanting to sound negative, but if you're relying on a template to provide a strategy then you may be doing it wrong.

Might be better to ask the person/department asking for the information for an example of what they're expecting to see? Will ensure the information is relevant to your business and provide actual value, rather than just being another unused document that provides a tick in the box.


Title: Re: IT Strategy Document
Post by: tturner on January 13, 2011, 10:20:10 AM
I agree with what Andrew said, but sometimes it's beneficial to see an example. Here's the IT Security strategic plan for the state of Florida.

https://aeit.myflorida.com/sites/default/files/files/2010-2012%20Florida%20Enterprise%20Informaiton%20Technology%20Security%20Strategic%20Plan.pdf

Obviously it's geared towards providing security services at the state level but it may give you some insight as to how one possible format works.

I would caution you against copy and pasting this or any other plan though. You need to develop and document a strategy that makes sense within the context of your organization. Even within the same industry, management priorities and strategy may vary wildly. You may want to request a copy of the business strategic plan so you can develop an IT plan that supports those objectives. That's what I did when I created the security plan for my organization and it's likely what your organization is going to want to see. IT has a role in supporting business operations, not just existing for its own sake. You have to draw those lines of connection and show how you will support those business initiatives. Also keep in mind that typical business strategic plans are 3 to 5 year timelines. That is just not feasible for a technology oriented strategic plan. The landscape changes too quickly. 1 to 2 years seems to be a good target, or possibly 3 but that's pushing it. Good luck!


Title: Re: IT Strategy Document
Post by: dimo on January 13, 2011, 01:18:25 PM
Thanks, there seems to be a problem opening that, I'll try later. As you say, I'm trying to gather comparisons in order to gain a better understanding of what others have produced rather than simply cutting and pasting....if only life was that simple! ;D


Title: Re: IT Strategy Document
Post by: tturner on January 13, 2011, 01:20:34 PM
The link is to a pdf document so you'll need a reader installed but I have no problems opening from the link on multiple machines.


Title: Re: IT Strategy Document
Post by: tturner on January 14, 2011, 01:28:14 PM
This was so awesome I had to post it

http://whatthefuckismyinformationsecuritystrategy.com/



Title: Re: IT Strategy Document
Post by: eccodom on September 26, 2011, 04:10:11 PM
This thread is a bit dated; however, I thought I'd chime in. The SANS 20 Critical Security Controls is a great source for building a strategic infosec plan. The controls are based on actual threats seen in the wild. Each control has 'quick wins' a company can start to implement and then more advanced implementations that could be the basis for a strategy.


http://www.sans.org/critical-security-controls/