| Added value |
The benefits, including economic and other (sometimes referred to as ‘hard’ or ‘soft’), that the strategy will bring to the organisation. |
| Alignment |
Ensuring that the security strategy is focused on the organisation’s priorities. |
| Awareness raising |
Getting people interested in security, to make them realise that it affects them. |
| Board |
The Board, sometimes known as a Board of Directors, Board of Trustees, or Advisory Board, are the ultimate decision makers for the organisation. |
| Business continuity management |
Planning to ensure that your organisation can continue to function if an unforeseen event occurs. |
| Business strategy |
A business unit strategy, for example a subsidiary company. |
| Chief Executive Officer |
This is the operational head of the organisation; they may also be known as the Director or Managing Director, as opposed to Chairman or President. |
| Competencies |
These are capabilities, for example defined processes or technical or subject matter knowledge. |
| Competitive advantage |
The advantage that one organisation has over its competitors. |
| Consultation |
Seeking information, advice or agreement from others; this can be done one-to-one or in a group setting. |
| Corporate strategy |
- The overall purpose of an organisation.
- The strategy for the whole organisation.
|
| Crisis management |
Crisis management deals with how an organisation manages the wider impact of a disaster, such as a flood or terrorist attack, and providing the best response to that crisis. |
| Dependencies |
What your actions are dependent upon; these could be financial, human or other. |
| Deliverable |
A tangible or intangible object achieved as part of the implementation plan. |
| Disaster recovery planning |
The recovery processes in response to a natural or manmade disaster, for example preparing for the recovery or continuation of the technological infrastructure of the organisation. |
| Education |
Provides people with information about security threats and vulnerabilities and what they can do to protect themselves. |
| Functional strategy |
See operational strategy. |
| Goal |
General statements of aim or purpose. |
| Hard benefits |
Value added usually described in financial terms. |
| Implementation plan |
Sometimes known as a business, project or strategic plan, this documents the various actions required to meet the strategic objectives. |
| Milestone |
These are agreed points in the implementation of the strategy where performance or progress can be reviewed. |
| Mission statement |
Documents the overall purpose of your security function. |
| Objective |
The specific outcomes to be achieved in order to meet the vision. |
| Operational strategy |
How parts of the organisation deliver the corporate strategy, e.g. the security strategy. |
| Opportunity |
Areas for potential development or improvement external to the organisation. |
| Organisational culture |
The shared culture, or beliefs and values, of the people within an organisation. |
| Performance monitoring |
This will determine whether progress is being made against the action plan and whether objectives are being met. |
| Performance targets |
Targets used to measure performance, for example of the strategy. |
| PESTEL |
A tool that helps you to analyse the environment in which your organisation functions. |
| Plan |
The actions required to meet a desired outcome or end point. |
| Policy |
An organisation's standpoint on a subject documenting how they will operate and respond. |
| Resource |
These are available assets and include physical and financial assets, as well as human resources such as employees. |
| Security audit |
An intensive review of the security function. |
| Security gap |
The difference between the security function's capability and what it needs to be to allow the organisation to meet its long-term objectives. |
| Security risk assessment |
A review of the organisation's security risks and how they will be responded to. |
| Security risk/threat |
Something which could have a negative impact on the security of the organisation, including its property, assets, staff, data or reputation. |
| Soft benefits |
Qualitative added value such as increased staff morale. |
| Stakeholder analysis |
A stakeholder analysis identifies the individuals or groups who are likely to be affected by the strategy and their requirements. |
| Strategic analysis |
The first step of the strategy process: an analysis of the organisation and the environment that it is operating in, to be able to make informed decisions. |
| Strategic review |
A review of the strategy to ensure that it is still relevant and fit for purpose. |
| Strategy |
The long-term direction. |
| Strength |
An organisation's strengths; these are internal to the organisation. |
| Tactics |
The specific actions required to meet the objectives. |
| Threat |
The threats to the organisation; these are external. |
| Training |
Teaches people new behaviours. |
| Value proposition |
This concisely documents what you do in terms of tangible results for the organisation. |
| Vision statement |
Documents the security aspirations for the future. |
| Weakness |
An organisation's weaknesses; these are internal to the organisation. |