The Bedel Security Blog

Making Strategic Planning Easy

Written by Brian Petzold | Nov 16, 2018

 

 

It's getting to be that time of year again. The time when many institutions should begin the process of updating their strategic plan. Sure, creating an IT and cybersecurity strategic plan can seem daunting at first, but it should not be. It helps to be proactive and give yourself time as opposed to putting if off and rushing through it before the year ends.

This week, we provide tips on how you can use some tools you already have to help create a strategic plan.

  1. Talk to managers: Strategic planning is a great time for an IT leader to sit down with managers from each area and ask them what their product and department needs are. These conversations usually result in insight into things that had until now been completely off the IT radar, avoiding surprises down the road. During strategic planning, communication cannot be stressed enough!

  2. Review the risk assessment: When the annual IT risk assessment is completed, an institution should be left with a list of controls that should be considered to mitigate risks inherent in assets throughout the company. Sometimes those controls get forgotten. Strategic planning is a great opportunity to pull out the risk assessment and ensure that implementing those controls has not slipped off the radar. Make sure any major control implementations are on your strategic planning list.

  3. Review audit findings: Most institutions are regularly managing a list of audit and exam findings. In many cases, these findings may represent large projects that need to be addressed and should be part of the strategic plan. Also, looking at where there are repeat findings can help focus planning on trouble areas during strategic planning.

  4. Review the Cybersecurity Assessment Tool (CAT): The CAT (or ACET for credit unions) is a great tool during strategic planning because it provides a roadmap of what is required to get to the next level of cybersecurity maturity that can be mapped out years into the future. If there are many CAT objectives which require policy changes, maybe the strategic roadmap needs to include a deeper policy review. If there are objectives that require a lot of work to accomplish, those should be added to the roadmap also. 

Because we work exclusively with financial institutions every day, we are in a unique position to provide industry-focused advice about what strategies we see work and which approaches we see fail. If you are having trouble getting your strategic plan together we can help give you some guidance. Use the button below to get started!