Security Strategy: From Requirements to Reality
7. Manage your planning environment—Face-to-face planning sessions are very different in
dynamics than virtually facilitated sessions; make sure the methodology and facilitator skills
are appropriate. One key to good strategic planning is creating an environment that is not being
constantly assailed by the demands of the work environment from e-mail, cell phone, BlackBerry,
instant messaging, and other technology. Getting such an environment and giving a group time to
focus are critical for success. How long will your sessions be—several sessions long or just one
long session, face-to-face or virtual, or a bit of both? How will you conduct presession
activities to get participants up to speed? What kinds of follow-up will you plan?
Last, but not least, how does the facilitator’s style work with the elements of the planning
process chosen? Develop specific agendas for each meeting which complement the facilitator’s
style of working.
8. Execute—Conduct, implement and review, reevaluate, and revise your strategic plan based
on data you gather.
9. Completion—Once you have completed a strategic plan, run through the necessary review cycles,
and completed the formal documents and reports, the strategy must be communicated in multiple
formats, including presentations, releases, staff reviews, and written reports. Working with a
communication focal will help design a communication plan for getting the strategic plan out
and keeping it there.
In the next section of this chapter we will discuss the fundamentals of creating a strategic plan
once the plan for planning is in place. Those elements will include the following:
1. Building of a strategic foundation that includes the questions “What is this organization
about?” and “Where do we want to play?” or vision/values/mission/strategic initiatives
2. Analysis stage of strategic planning
3. Strategy formulation or planning stage (which will include goals, objectives, and targets)
4. Implementation and/or a reality check focusing on “How are we doing?”
Table 5.1 Types of Strategic Planning Facilitation
External                                   Internal
Advantages
All can participate                        Understands culture
Brings outside resources                   Knows how things are done
Has third-person perspective               May know where resistance is
Is not entrenched in cultures              Carries less cost
Can talk about “elephants” in room
Is easier to navigate internal politics
Disadvantages
Additional cost                            Finds it harder to negotiate corporate politics
May not be there for entire cycle          Can’t be a participant if facilitating
Takes time to learn culture                Has difficulty expressing insights
                                           Is harder to get respect of the group
Developing a Strategic Planning Process
Building a Foundation for Strategy (High, Wide, and Deep)
Planning strategy follows a process regardless of the various models and tools employed in
developing, deploying, and tracking strategic intent. First you build your foundation for
security strategy by answering these questions:
1. What business are we really in?
2. Where are we?
3. Where do we want to go?
4. What do we have to work with?
5. What’s happening that can help or hurt us?
Although the terminology may differ from model to model, some basic building blocks are at the
heart of all strategic processes. The differences in model choice for organizations are often
based on stability of industry, cycle time requirements for strategic planning in that
environment, strategic planning skills of leadership, and the degree of accuracy required in
modeling possible courses.
A number of questions should be answered in any security group regarding the strategic planning
process:
1. Is our strategic planning process documented?
2. Does our organization understand and know the process?
3. Is the process followed as documented?
4. Is the process changing and evolving? (It should be as you learn from each planning cycle.)
If your organization is involved in any kind of quality movement, such as ISO standards, this
shouldn’t be new news. Documenting basic operational processes is part and parcel of being a
support organization in a quality environment and helps everyone in the organization understand
and improve the strategic planning process from year to year.
Here are the basic steps taken in a relatively stable planning environment.
1. Vision/mission/corporate values/strategic objectives
2. Analysis (environmental scanning, SWOT, etc.)
3. Strategy formulation (goals, measurable objectives)
4. Strategy implementation (assigned action steps)
5. Evaluation, control metrics
In the Beginning
Strategic planning is worthless unless there is first a strategic vision.
John Naisbitt
Without a vision, the people perish.
Proverb
Vision, Mission, and Strategic Initiatives
Teamwork is the ability to work toward [a] common vision: the ability to direct individual
accomplishments toward organizational objectives. It is the fuel that allows common people to
attain uncommon results.
Andrew Carnegie
Vision Statement
All strategic planning processes begin with intent. Intent is nothing more than choosing a
potential course of action or forward movement. The organizational culture and strategic
planning method chosen will determine how careful, considered, comprehensive, and important a
vision is for an organization. Intent typically will be driven by the engine of organizational
vision. Depending on the planning philosophy and methods deployed, this strategic activity may
be called strategic visioning, creating a shared vision, creating a vision/mission statement,
creating a vivid description, or determining an organization’s reason for being or sense of
purpose.
From vision come passion, direction, mission, and the first level of strategic initiatives.
Often the highest level vision encompasses mission and initiative, which remain in place for
some period of time as they are focused on a time many years away. Crafting a strong, inclusive,
far-sighted vision statement and/or mission statement is not an especially easy task and often
takes a facilitator to move a strategic planning body through the phases of crafting them.
Numerous methods can be used to develop vision statements. Choosing one or another again depends
on the type of organizational culture in which one works. Even creating a “shared vision” (i.e.,
the Fifth Discipline) that builds from people’s personal vision toward a co-created
organizational vision has elements of telling, selling, testing, and consulting. A strong vision
statement serves an organization well for many years as it navigates the vicissitudes of
organizational challenges. A vision statement typically encompasses an organization’s beliefs
and values and reflects back on who we are and where we want to go. It is the framework and
engine for all strategic planning. In essence, a strong vision creates the future destiny of an
organization. A vision statement should be clear, simple, and specific. Every member of the
enterprise should be able to understand and speak it and, ideally, feel strongly about it.
The process of creating a vision may vary somewhat depending on how you choose to create a
vision. Creating a shared vision or a preferred vision is different from creating a vision
statement. Creating a vision is both a product and a process. Here is an example of how
companies or organizations may choose to create a vision. Often a facilitator or team of
facilitators may be used in this process:
1. Conduct a thorough environmental scan (including stakeholders, customers, employees, and
other members of the extended enterprise).
2. Seek specific answers to questions posed to representatives of the various stakeholder
groups.
   • With regard to security, what kind of company do we want to be?
   • What are our core values? (How do we want to do business together?)
   • What do we want our reputation to be?
   • How will we add value in our market?
   • What products or services do we want to continue to offer, begin to offer, stop offering,
     or outsource?
   • On what customer segments do we want to focus?
   • How would you describe what you see in the future?
3. Hold discussions throughout your organization to find the answers to these questions and
provide information to the strategic planning team.
4. Create a preferred future from the compiled data that includes a clear vision and mission
statement. Other products may be produced as well, including a description of what the future
looks like based on the input from enterprise stakeholders.
5. Disseminate the visioning and strategic planning results back to all stakeholders.
Vision without action is a dream. Action without vision is simply passing the time. Action with
vision is making a positive difference.
Joel Barker
If your organization already has a vision and mission statement, this may be a shorter process
of review. As organizations grow, often their vision and mission may shift; you will want to
reflect that fact in the vision and mission statements.
Mission Statement
An organizational mission statement is a written, easy-to-remember and easy-to-understand
sentence, a short list of bullet points, or a paragraph illustrating a business’s goals and
purpose. Ideally, a mission statement is no more than 25 words. A mission statement defines the
organization’s purpose and defines what it is that we do. The purpose of a mission statement is
to help guide organizational employees in making critical day-to-day operational decisions. A
mission statement should clearly answer the question “What business are we in?”
A mission statement should focus on one theme of an organization. Internal and/or external
facilitators or consultants can help facilitate crafting strong vision and mission statements.
There are also software tools available on the Internet that will help you build, refine, and
focus a mission statement. Whatever approach is used, the creative process takes time.
Brainstorming is the first part of the process of creating a mission statement; second is
focusing the statement on a key attribute of an organization’s service or product that
distinguishes its brand or approach. Getting input from various parts of the organization and
crafting a strong mission statement that is motivating to an organization both take time, not
rubber stamping. Remember, you are the one who must consider the particular needs and wants that
determine whether your mission statement stands as it is or will need to be changed. Your
mission statement will help you determine whether or not your plans are really strategic.
Strategic Initiatives
After the creation of organization vision and mission comes the priority of focus, which is
determined by the overall environmental scan and responses from extended enterprise
stakeholders. That prioritized focus is usually framed as a strategic initiative. A strategic
initiative focuses on an issue that will have significant impact on organizational results.
Cross-functional organizational support is required for a strategic initiative to succeed.
Strategic initiatives often have their own team working through similar stages to strategic
planning itself: initiating, launching, implementing, gaining momentum, and making metrics
reviews of progress. Generally, strategic initiatives will focus on the organization’s market
position, reputation, sales, market share, earnings growth, or high-level organizational
positioning in the marketplace. Strategic initiatives are limited in number and help guide an
organization in making foundational changes for a long-term focus that help invigorate,
transform, and focus an organization. Strategic initiatives will also generally come out of the
next phase of strategic planning analysis. Strategic goals and objectives will in turn help the
organization accomplish strategic initiatives. For a security group, many of these initiatives
will often be framed by the larger enterprise, business unit, or functional initiatives. Many of
them will include operational strategic initiatives, such as productivity, impact, and
customer-focused initiatives, that will directly impact security. If your enterprise is focused
on a LEAN Six Sigma initiative, you can bet part of your strategic plan will need to consider
that initiative as well.
The leader’s job today, in 21st-century terms, is not about gaining followership. Followership
is an outmoded notion. Leadership starts with gaining alignment with the mission and values of
the organization: What are we about? What do we believe as a group? Goldman Sachs, where I serve
on the board, has achieved solid alignment around its mission: “The clients’ interests always
come first.” At Medtronic, we aligned around the idea of “alleviating pain, restoring health,
and extending life.” It was clear that anyone who didn’t buy into that could work somewhere
else.
Bill George
Analysis
Data collected for the strategic planning process are gathered, reviewed, and analyzed at each
stage of the strategic planning process. It is at this point that many of the tools cited in
earlier chapters prove themselves useful as methods of sorting through the data gathered to
identify trends and potential direction. Strategic planners take a hard look at an internal
analysis of the organization’s strengths and weaknesses, juxtaposed with external probabilities
in the near term that will create opportunities or threats.
Some tools that are useful for the analysis stage are as follows:
• Environmental scans give strategic planners a useful wide outside look, providing external
  data for the opportunities and threats portion of a SWOT. Many types of environmental scans
  are useful, from market surveys and trend data to tools like Porter’s five force analysis,
  which evaluates barriers, suppliers, customers, substitute products, and industry rivalry.
  PEST analysis is another external analysis sorting tool that considers political, economic,
  social, and technology factors in the overall environment.
• SWOT analysis is useful for determining organizational strengths and weaknesses, prioritizing
  opportunities and threats, and planning a course forward. An internal analysis of a security
  group’s strengths and weaknesses should consider the main elements of the security group such
  as its current culture, organizational structure, future staffing requirements versus the
  current employee base, current employee skill sets versus future demand, operational capacity
  and efficiency, infrastructure, and financial resources. While an internal analysis can
  generate a lot of data, utilizing a SWOT analysis can help simplify and prioritize the
  information that will be relevant to strategy formation.
• The SABSA (Sherwood Applied Business Security Architecture) Model for security strategic
  planning tackles the analysis portion of strategic planning by requiring an analysis of all
  business requirements for security, especially those in which security has an enabling
  function through which new business opportunities can be developed and exploited.
If you are planning for one year, grow rice. If you are planning for 20 years, grow trees. If
you are planning for centuries, grow men.
Chinese Proverb
You shouldn’t have a long term strategy anymore, because you won’t be able to move fast enough.
Orit Gadish