IT Strategy Document

This topic contains 6 replies, has 4 voices, and was last updated by  eccodom 8 years ago.

  • Author
    Posts
  • #5962
     dimo 
    Participant

    Hi There,
    I’m looking for one of these as our group company has asked all it’s minor companies to create one, would anyone have a good example of one or a relevent template?
    tks
    dimo :-

  • #37303
     RoleReversal 
    Participant

    Not wanting to sound negative, but if you’re relying on a template to provide a strategy then you may be doing it wrong.

    Might be better to ask the person/department asking for the information for an example of what they’re expecting to see? Will ensure the information is relevant to your business and provide actual value, rather than just being another unused document that provides a tick in the box.

  • #37304
     tturner 
    Participant

    I agree with what Andrew said, but sometimes it’s beneficial to see an example. Here’s the IT Security strategic plan for the state of Florida.

    https://aeit.myflorida.com/sites/default/files/files/2010-2012%20Florida%20Enterprise%20Informaiton%20Technology%20Security%20Strategic%20Plan.pdf

    Obviously it’s geared towards providing security services at the state level but it may give you some insight as to how one possible format works.

    I would caution you against copy and pasting this or any other plan though. You need to develop and document a strategy that makes sense within the context of your organization. Even within the same industry, management priorities and strategy may vary wildly. You may want to request a copy of the business strategic plan so you can develop an IT plan that supports those objectives. That’s what I did when I created the security plan for my organization and it’s likely what your organization is going to want to see. IT has a role in supporting business operations, not just existing for its own sake. You have to draw those lines of connection and show how you will support those business initiatives. Also keep in mind that typical business strategic plans are 3 to 5 year timelines. That is just not feasible for a technology oriented strategic plan. The landscape changes too quickly. 1 to 2 years seems to be a good target, or possibly 3 but that’s pushing it. Good luck!

  • #37305
     dimo 
    Participant

    @tturner wrote:

    I agree with what Andrew said, but sometimes it’s beneficial to see an example. Here’s the IT Security strategic plan for the state of Florida.

    https://aeit.myflorida.com/sites/default/files/files/2010-2012%20Florida%20Enterprise%20Informaiton%20Technology%20Security%20Strategic%20Plan.pdf

    Obviously it’s geared towards providing security services at the state level but it may give you some insight as to how one possible format works.

    I would caution you against copy and pasting this or any other plan though. You need to develop and document a strategy that makes sense within the context of your organization. Even within the same industry, management priorities and strategy may vary wildly. You may want to request a copy of the business strategic plan so you can develop an IT plan that supports those objectives. That’s what I did when I created the security plan for my organization and it’s likely what your organization is going to want to see. IT has a role in supporting business operations, not just existing for its own sake. You have to draw those lines of connection and show how you will support those business initiatives. Also keep in mind that typical business strategic plans are 3 to 5 year timelines. That is just not feasible for a technology oriented strategic plan. The landscape changes too quickly. 1 to 2 years seems to be a good target, or possibly 3 but that’s pushing it. Good luck!

    thanks there seems to be a problem opening that, i’ll try later, as you say I’m trying to gather comparisions in order to gain a better understanding of what others have produced rather than simply cutting and pasting….if only life was that simple! ;D

  • #37306
     tturner 
    Participant

    The link is to a pdf document so you’ll need a reader installed but I have no problems opening from the link on multiple machines.

  • #37307
     tturner 
    Participant

    This was so awesome I had to post it

    http://whatthefuckismyinformationsecuritystrategy.com/

  • #37308
     eccodom 
    Participant

    This thread is a bit dated however I thought I’d chime in. The SANS 20 Critical Security Controls is a great source for building a strategic infosec plan. The controls are based on actual threats seen in the wild. Each control has  ‘quick wins’ a company can start to implement and then more advanced implementations that could be the basis for a strategy.

    http://www.sans.org/critical-security-controls/

You must be logged in to reply to this topic.

Copyright ©2019 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?