82 ◾ Security Strategy: From Requirements to Reality
that will have signifi cant impact on organizational results. Cross-functional organizational support
is required for a strategic initiative to succeed. Strategic initiatives often have their own team work-
ing through similar stages to strategic planning itself: initiating,
launching, implementing, gaining momentum, and making
metrics reviews of progress. Generally, strategic initiatives will
focus on the organization’s market position, reputation, sales,
market share, earnings growth, or high-level organizational
positioning in the marketplace. Strategic initiatives are limited in number and help guide an orga-
nization in making foundational changes for a long-term focus that help invigorate, transform, and
focus an organization. Strategic initiatives will also generally come out of the next phase of strategic
planning analysis. Strategic goals and objectives will in turn help the organization accomplish stra-
tegic initiatives. For a security group, many of these initiatives will often be framed by the larger
enterprise, business unit, or functional initiatives. Many of them will include operational strategic
initiatives, such as productivity, impact, and customer-focused initiatives, that will directly impact
security. If your enterprise is focused on a LEAN Six Sigma initiative, you can bet part of your
strategic plan will need to consider that initiative as well.
Analysis
Data collected for the strategic planning process are gathered, reviewed, and analyzed at each stage
of the the strategic planning process. It is at this point that many of the tools cited in earlier chap-
ters prove themselves useful for methods of sorting through
the data gathered to identify trends and potential direction.
Strategic planners take a hard look at an internal analysis of
the organization’s strengths and weaknesses, juxtaposed with
external probabilities in the near term that will create oppor-
tunities or threats.
Some tools that are useful for the analysis stage are as follows:
Environmental scans ◾ are a useful wide outside look for strategic planners for providing
external data regarding the opportunities and threats portion of a SWOT. Many types
of environmental scans are useful from market surveys, trend data, or tools like Porter’s
fi ve force analysis, which evaluates barriers, suppliers, customers, substitute products, and
industry rivalry. PEST analysis is another external analysis sorting tool that considers polit-
ical, economic, social, and technology factors in the overall environment.
SWOT analysis ◾ is useful for determining organizational strengths and weaknesses, priori-
tizing opportunities and threats, and planning a course forward. An internal analysis of a
security group’s strengths and weaknesses should consider the main elements of the security
group such as its current culture, organizational structure, future staffi ng requirements ver-
sus the current employee base, current employee skill sets versus future demand, operational
capacity, and effi ciency, infrastructure, and fi nancial resources. While an internal analysis
can generate a lot of data, utilizing a SWOT analysis can help simplify and prioritize the
information that will be relevant to strategy formation.
e ◾ SABSA (Sherwood Applied Business Security Architecture) Model for security strategic
planning tackles the analysis portion of strategic planning by requiring an analysis of all
business requirements for security, especially those in which security has an enabling func-
tion through which new business opportunities can be developed and exploited.
If you are planning for one year, grow rice. If
you are planning for 20 years, grow trees. If
you are planning for centuries, grow men.
Chinese Proverb
You shouldn’t have a long term strategy any-
more, because you won’t be able to move
fast enough.
Orit Gadish
TAF-K11348-10-0301-C005.indd 82TAF-K11348-10-0301-C005.indd 82 8/18/10 3:04:40 PM8/18/10 3:04:40 PM