Episode 198 - Building a Security Strategy Part 1

Episode 198 – Building a Security Strategy – Part 1 Strategy is the hardest thing a CISO will do in their career...except if they have to explain a massive breach… What is a Strategy? What's the difference between a strategy and a policy? A policy is binding statements A strategy is thought out planning A list of tech you want to buy A remediation plan that follows an audit/assessment A continued justification for the way you've always done things The stuff your favorite vendor told you needs doing What a strategy isn't… Based on the needs and desires of the org and its senior leaders Culturally relevant A guide to where investment (money and people) need to be made Balanced between boldness and reassurance Built on a set of capabilities that map to business success criteria A strategy is… Creates a consistent frame of reference for talking about the program Helps senior leaders understand the where/why of the investments Lays out a connected story for CFOrg to make budget less hard Provides a decision-making framework that enables effective choices Why do you want one? Understand the business of your Business Know who your stakeholders really are Capability = (Tech + Service) * Process Crawl, Walk, Run It Takes A Village How do I make one? In our next episodes we'll break down each of the steps and talk more about strategy…

You can listen to Episode 198 - Building a Security Strategy Part 1 online on Radio and Podcast. Open the player on this page to stream the available audio.

Episode 198 - Building a Security Strategy Part 1 is an episode from The Southern Fried Security Podcast by Martin Fisher.

This episode is 25:39 long.

This episode was published on Jun 24, 2017.

Yes. Use the heart button on the episode page to add it to your favorite episodes list.

Yes. This page shows related episodes from The Southern Fried Security Podcast when more episodes are available from the podcast feed.