Page 28 - CISSO_Prep_ Guide
Organizations are becoming more and more integrated with IT systems and processes that span many different silos. For example, IT systems such as Customer Relationship Management (CRM) and Enterprise Resource Planning (ERP) systems cross departmental boundaries. This creates a new level of complexity, since a breach or failure in one area will quickly lead to a problem in other departments or systems. Just as the human body cannot ignore an infection in one place, today's IT cannot either: a weakness in one system becomes a weakness throughout the organization, and a breach in one area may quickly lead to a compromise in another department. We have even seen how a violation of an environmental control system (air conditioning) for a building could result in a breach of the organization's core IT and financial systems. The focus of security today must be on consistency: protecting everything as well as we can, and being able to respond quickly and effectively whenever anything does go wrong.
This requires a new attitude and approach to both IT and IT security. IT and IT security are not just departments or silos; they are the basis and foundation on which most business processes run today. They must see themselves, and be seen, as a supporting function that is woven throughout the organization. IT supports every business department, interleaving data between systems and providing consistent, measurable levels of risk management, structure, and direction to every part of the organization.

Some of the methods used to develop a security plan include the SWOT analysis and the Balanced Scorecard.