Hi There,
I'm looking for one of these as our group company has asked all it's minor companies to create one, would anyone have a good example of one or a relevent template?
tks
dimo

I agree with what Andrew said, but sometimes it's beneficial to see an example. Here's the IT Security strategic plan for the state of Florida.

https://aeit.myflorida.com/sites/default/files/files/2010-2012%20Florida%20Enterprise%20Informaiton%20Technology%20Security%20Strategic%20Plan.pdf

Obviously it's geared towards providing security services at the state level but it may give you some insight as to how one possible format works.

I would caution you against copy and pasting this or any other plan though. You need to develop and document a strategy that makes sense within the context of your organization. Even within the same industry, management priorities and strategy may vary wildly. You may want to request a copy of the business strategic plan so you can develop an IT plan that supports those objectives. That's what I did when I created the security plan for my organization and it's likely what your organization is going to want to see. IT has a role in supporting business operations, not just existing for its own sake. You have to draw those lines of connection and show how you will support those business initiatives. Also keep in mind that typical business strategic plans are 3 to 5 year timelines. That is just not feasible for a technology oriented strategic plan. The landscape changes too quickly. 1 to 2 years seems to be a good target, or possibly 3 but that's pushing it. Good luck!

The link is to a pdf document so you'll need a reader installed but I have no problems opening from the link on multiple machines.

This thread is a bit dated however I thought I'd chime in. The SANS 20 Critical Security Controls is a great source for building a strategic infosec plan. The controls are based on actual threats seen in the wild. Each control has  'quick wins' a company can start to implement and then more advanced implementations that could be the basis for a strategy.


http://www.sans.org/critical-security-controls/