Author Topic: IT Strategy Document  (Read 34596 times)
dimo
« on: January 13, 2011, 03:47:17 AM »

Hi There,
I'm looking for one of these as our group company has asked all its minor companies to create one, would anyone have a good example of one or a relevant template?
tks
dimo

C|EH C|HFI ECSA Comptia Security +
Andrew Waite
« Reply #1 on: January 13, 2011, 05:29:17 AM »

Not wanting to sound negative, but if you're relying on a template to provide a strategy then you may be doing it wrong.

Might be better to ask the person/department asking for the information for an example of what they're expecting to see? Will ensure the information is relevant to your business and provide actual value, rather than just being another unused document that provides a tick in the box.

tturner
« Reply #2 on: January 13, 2011, 10:20:10 AM »

I agree with what Andrew said, but sometimes it's beneficial to see an example. Here's the IT Security strategic plan for the state of Florida.

https://aeit.myflorida.com/sites/default/files/files/2010-2012%20Florida%20Enterprise%20Informaiton%20Technology%20Security%20Strategic%20Plan.pdf

Obviously it's geared towards providing security services at the state level but it may give you some insight as to how one possible format works.

I would caution you against copy and pasting this or any other plan though. You need to develop and document a strategy that makes sense within the context of your organization. Even within the same industry, management priorities and strategy may vary wildly. You may want to request a copy of the business strategic plan so you can develop an IT plan that supports those objectives. That's what I did when I created the security plan for my organization and it's likely what your organization is going to want to see. IT has a role in supporting business operations, not just existing for its own sake. You have to draw those lines of connection and show how you will support those business initiatives. Also keep in mind that typical business strategic plans are 3 to 5 year timelines. That is just not feasible for a technology oriented strategic plan. The landscape changes too quickly. 1 to 2 years seems to be a good target, or possibly 3 but that's pushing it. Good luck!
« Last Edit: January 13, 2011, 10:23:21 AM by tturner »

Certifications:
CISSP, CISA, GPEN, GWAPT, GAWN, GCIA, GSEC, OPSE, CSWAE, VCP

Next 6 months: GCIH, CSTP, STI MSISE
dimo
« Reply #3 on: January 13, 2011, 01:18:25 PM »

Thanks, there seems to be a problem opening that, I'll try later. As you say, I'm trying to gather comparisons in order to gain a better understanding of what others have produced rather than simply cutting and pasting....if only life was that simple!
tturner
« Reply #4 on: January 13, 2011, 01:20:34 PM »

The link is to a pdf document so you'll need a reader installed but I have no problems opening from the link on multiple machines.
tturner
« Reply #5 on: January 14, 2011, 01:28:14 PM »

This was so awesome I had to post it

http://whatthefuckismyinformationsecuritystrategy.com/

eccodom
« Reply #6 on: September 26, 2011, 04:10:11 PM »

This thread is a bit dated, however I thought I'd chime in. The SANS 20 Critical Security Controls is a great source for building a strategic infosec plan. The controls are based on actual threats seen in the wild. Each control has 'quick wins' a company can start to implement and then more advanced implementations that could be the basis for a strategy.


http://www.sans.org/critical-security-controls/

-Harms