IT Strategy Document

<<

dimo

Newbie

Posts: 20

Joined: Tue Apr 08, 2008 5:27 am

Location: Ireland

Post Thu Jan 13, 2011 4:47 am

IT Strategy Document

Hi There,
I'm looking for one of these as our group company has asked all its minor companies to create one. Would anyone have a good example of one or a relevant template?
tks
dimo :-\
C|EH C|HFI ECSA Comptia Security +
<<

RoleReversal

Hero Member

Posts: 928

Joined: Fri Jan 04, 2008 8:54 am

Location: UK

Post Thu Jan 13, 2011 6:29 am

Re: IT Strategy Document

Not wanting to sound negative, but if you're relying on a template to provide a strategy then you may be doing it wrong.

Might be better to ask the person/department asking for the information for an example of what they're expecting to see? Will ensure the information is relevant to your business and provide actual value, rather than just being another unused document that provides a tick in the box.
<<

tturner

Sr. Member

Posts: 435

Joined: Thu Jun 26, 2008 4:50 pm

Post Thu Jan 13, 2011 11:20 am

Re: IT Strategy Document

I agree with what Andrew said, but sometimes it's beneficial to see an example. Here's the IT Security strategic plan for the state of Florida.

https://aeit.myflorida.com/sites/defaul ... 20Plan.pdf

Obviously it's geared towards providing security services at the state level but it may give you some insight as to how one possible format works.

I would caution you against copy and pasting this or any other plan though. You need to develop and document a strategy that makes sense within the context of your organization. Even within the same industry, management priorities and strategy may vary wildly. You may want to request a copy of the business strategic plan so you can develop an IT plan that supports those objectives. That's what I did when I created the security plan for my organization and it's likely what your organization is going to want to see. IT has a role in supporting business operations, not just existing for its own sake. You have to draw those lines of connection and show how you will support those business initiatives. Also keep in mind that typical business strategic plans are 3 to 5 year timelines. That is just not feasible for a technology oriented strategic plan. The landscape changes too quickly. 1 to 2 years seems to be a good target, or possibly 3 but that's pushing it. Good luck!
Last edited by tturner on Thu Jan 13, 2011 11:23 am, edited 1 time in total.
Certifications:
CISSP, CISA, GPEN, GWAPT, GAWN, GCIA, GCIH, GSEC, GSSP-JAVA, OPSE, CSWAE, CSTP, VCP

WIP: Vendor WAF stuff

http://sentinel24.com/blog @tonylturner http://bsidesorlando.org
<<

dimo

Newbie

Posts: 20

Joined: Tue Apr 08, 2008 5:27 am

Location: Ireland

Post Thu Jan 13, 2011 2:18 pm

Re: IT Strategy Document

tturner wrote: I agree with what Andrew said, but sometimes it's beneficial to see an example. Here's the IT Security strategic plan for the state of Florida.

https://aeit.myflorida.com/sites/defaul ... 20Plan.pdf

Obviously it's geared towards providing security services at the state level but it may give you some insight as to how one possible format works.

I would caution you against copy and pasting this or any other plan though. You need to develop and document a strategy that makes sense within the context of your organization. Even within the same industry, management priorities and strategy may vary wildly. You may want to request a copy of the business strategic plan so you can develop an IT plan that supports those objectives. That's what I did when I created the security plan for my organization and it's likely what your organization is going to want to see. IT has a role in supporting business operations, not just existing for its own sake. You have to draw those lines of connection and show how you will support those business initiatives. Also keep in mind that typical business strategic plans are 3 to 5 year timelines. That is just not feasible for a technology oriented strategic plan. The landscape changes too quickly. 1 to 2 years seems to be a good target, or possibly 3 but that's pushing it. Good luck!



Thanks, there seems to be a problem opening that; I'll try later. As you say, I'm trying to gather comparisons in order to gain a better understanding of what others have produced rather than simply cutting and pasting....if only life was that simple! ;D
<<

tturner

Sr. Member

Posts: 435

Joined: Thu Jun 26, 2008 4:50 pm

Post Thu Jan 13, 2011 2:20 pm

Re: IT Strategy Document

The link is to a pdf document so you'll need a reader installed but I have no problems opening from the link on multiple machines.
<<

tturner

Sr. Member

Posts: 435

Joined: Thu Jun 26, 2008 4:50 pm

Post Fri Jan 14, 2011 2:28 pm

Re: IT Strategy Document

This was so awesome I had to post it

http://whatthefuckismyinformationsecuritystrategy.com/
<<

eccodom

Newbie

Posts: 5

Joined: Thu Jan 17, 2008 7:00 pm

Post Mon Sep 26, 2011 4:10 pm

Re: IT Strategy Document

This thread is a bit dated; however, I thought I'd chime in. The SANS 20 Critical Security Controls is a great source for building a strategic infosec plan. The controls are based on actual threats seen in the wild. Each control has 'quick wins' a company can start to implement and then more advanced implementations that could be the basis for a strategy.


http://www.sans.org/critical-security-controls/
-Harms
