Once you have a good understanding of the organisation and the environment that it is operating in the next step is to decide how to respond. The analysis will provide you with an understanding of what is important to the organisation and where it wants to be in the future. This can help you to decide how the security function can best align itself to the organisation, and what actions need to be taken, to help the organisation meet its objectives. This should be documented in your vision and strategic mission (see Mission & Vision). You may need to generate and consider a number of options for the future before deciding on which is the most appropriate.
Once you have decided where you are heading you can devise your strategic objectives (see Objectives) which will take you there. Ideally, your objectives should include performance targets (see Performance monitoring) (ideally financial, percentage improvement or milestones) and state how they will be measured. You will then need to decide the steps required to meet your objectives and those responsible.
Throughout the whole process you will ideally need to continue to engage with the board or the senior management of your organisation (see Obtaining board approval), in order to ensure its support. Once the strategy is complete it should be endorsed at board level.
To summarise the key stages in this part are:
Defining the vision and strategic mission (see Mission & Vision)
Setting strategic objectives and performance targets (see Objectives and Performance monitoring)
Obtaining board approval (see Obtaining board approval)
The VMOST tool (see VMOST tool) provides a useful framework to follow. Indeed there are a range of tools (see list of Tools) that can support strategic development which have been included in the toolkit.
You are currently in: Step 2: Strategy Development
