I'm looking for one of these as our group company has asked all it's minor companies to create one, would anyone have a good example of one or a relevent template?
PCI DSS, HIPAA, SOX, COBIT, ITIL, 27001... pick your poison. Policy discussions would go here as well.
tturner wrote:I agree with what Andrew said, but sometimes it's beneficial to see an example. Here's the IT Security strategic plan for the state of Florida.
https://aeit.myflorida.com/sites/defaul ... 20Plan.pdf
Obviously it's geared towards providing security services at the state level but it may give you some insight as to how one possible format works.
I would caution you against copy and pasting this or any other plan though. You need to develop and document a strategy that makes sense within the context of your organization. Even within the same industry, management priorities and strategy may vary wildly. You may want to request a copy of the business strategic plan so you can develop an IT plan that supports those objectives. That's what I did when I created the security plan for my organization and it's likely what your organization is going to want to see. IT has a role in supporting business operations, not just existing for its own sake. You have to draw those lines of connection and show how you will support those business initiatives. Also keep in mind that typical business strategic plans are 3 to 5 year timelines. That is just not feasible for a technology oriented strategic plan. The landscape changes too quickly. 1 to 2 years seems to be a good target, or possibly 3 but that's pushing it. Good luck!
Users browsing this forum: No registered users and 0 guests