H. Security Strategy Development.

Question 1

What is a strategy

Answer 1

A plan to achieve an objective

Question 2

What is the concept of strategy

Answer 2

Understand where you are now and where you want to be. The strategy is the path to follow to get from where you are (current state) to where you want to be (strategic objective).

Question 3

What is an objective

Answer 3

A desired future state for the organization’s security posture and level of risk.

Question 4

Strategic alignment - an objective of a strategy

Answer 4

The desired future state, and the strategy to get there, must be in alignment with the organization and its strategy and objectives.

Question 5

Effective risk management - an objective of a strategy

Answer 5

A security program must include a risk management policy, processes, and procedures. Without risk management, decisions are made blindly without regard to their consequences or level of risk

Question 6

Value delivery - an objective of a strategy

Answer 6

The desired future state of a security program should include a focus for continual improvement and increasing efficiency.

Question 7

Resource optimization - an objective of a strategy

Answer 7

strategic goals should efficiently utilize available resources.

Question 8

Performance measurement - an objective of a strategy

Answer 8

the ongoing security and security-related business operations should themselves be measurable,

Question 9

Assurance process integration - an objective of a strategy

Answer 9

An effective strategy would work to break down these silos and consolidate assurance processes, reducing hidden risks.