Strategic Framework (Inputs to Strategic Planning) ◾ 61
mental models and beliefs are key to understanding a group’s culture. We have found individual
and group surveys and interviews to be helpful in gathering this kind of information. To get an
idea about corporate culture, listen to what people both inside
and outside say about the culture. Corporate culture is created
by the way people speak to each other and treat each other and
their customers.
Of course, we would be remiss if we did not mention know-
ing the culture of potential competitors and other signifi cant
organizational threats such as the forces of industrial espionage,
cyber criminals, and hackers in general. Understanding the cul-
ture and ways of potential threats is imperative for good strategy.
e reader will fi nd many examples of utilizing cultural knowl-
edge of potential threats in the tactical chapters of this book.
National and International Requirements (Political and Economic)
Indeed, to some extent it has always been necessary and proper for man, in his
thinking, to divide things up; if we tried to deal with the whole of reality at once,
we would be swamped. However when this mode of thought is applied more
broadly to man’s notion of himself and the whole world in which he lives (i.e., in
his world-view) then man ceases to regard the resultant divisions as merely useful
or convenient and begins to see and experience himself and this world as actually
constituted of separately existing fragments. What is needed is a relativistic theory,
to give up altogether the notion that the world is constituted of basic objects or
building blocks. Rather one has to view the world in terms of universal fl ux of
events and processes.
David Bohm
Many business drivers for security are the product of national and international requirements. It is
critical to identify and understand the inputs relevant to your industry in order to build a strategy
and security program properly balanced between risk reduction and effi cient operations. Much
of the external regulatory environment, external audit environment, and political climate of your
organization must be factored into your determinations in this arena.
e security requirements that arise from national and international requirements are tre-
mendously varied and in various states of fl ux depending on the industry and global regions in
which you function. Some industry groups like aerospace have long-standing organizations in
both national and international segments that provide guidelines, requirements, and regulations
that will be input into security strategic plans.
Some international standards have been evolving in place for some time and have created
well-recognized standards for organizations such as ISO, which was discussed in the Industry
Standards portion of this chapter as well. Other arenas have emerging voices such as a new forum
for multi-stakeholder new policy dialogue, the Internet Governance Forum (IGF), or the World
Wide Web Consortium (W3W), which is the international standards organization for the World
Wide Web, or the nonprofi t public benefi t corporation, the Internet Corporation for Assigned
Names and Numbers (ICANN). ICANN is a not-for-profi t public-benefi t corporation with par-
ticipants from all over the world dedicated to keeping the Internet secure, stable, and interoperable.
We cannot enter into informed alliances
until we are acquainted with the designs of
our neighbors and the plans of our adver-
saries. When entering enemy territory, in
order to lead your army, you must know the
face of the country—its mountains and for-
ests, its pitfalls and precipices, its marshes
and swamps. Without local guides, you are
unable to turn to your account the natural
advantages to be obtained from the land.
Without local guides, your enemy employs
the land as a weapon against you.
Sun Tzu
TAF-K11348-10-0301-C004.indd 61TAF-K11348-10-0301-C004.indd 61 8/18/10 3:03:56 PM8/18/10 3:03:56 PM