Page 25 - CISSO_Prep_ Guide
current ways of doing business. Just as the company is looking to
evolve, so too must the security strategy be aware of new
technologies, new business drivers, and emerging threats. The
rapidly changing operational environment may result in operating
conditions that are substantially different from current conditions.
Since strategy is long term - with a focus on the future - the
security manager must become a visionary who is looking at the
world of the future when putting together a security roadmap. A
security budget that addresses only current or past issues will
not earn the respect of senior managers who are focused on
long-term goals. This requires the security manager to talk with senior
managers, listen to their perception of the future, and seek to
develop a strategy that supports and enables new business
initiatives.
Business Alignment
One of the essential responsibilities of the security professional
is to design a security program that is aligned with the strategic
direction of the organization. Business is always moving, and
new technologies emerge that can present new opportunities
for the company. The company does not remain static, so the
security program must also be flexible, forward-thinking, and
creative. One of the most severe errors a security professional
can make is to design a security program that provides solutions
for yesterday's problems. The IT security program must align
with the future direction of the business.
The security manager may not welcome the direction the
business is going (after all, security was much simpler 20 years
ago in a centralized mainframe environment [with no internet]
than it is today). Still, regardless of the desires of the security