I love this article by Kevin Beaver on goals for your ISP. Although it's already the end of March, it is applicable at any time of the year because it discusses:
- Focusing on continuous improvement in information security. It can't happen overnight, and you are never truly "there". Keep asking yourself: "How can we be better tomorrow than we were yesterday?"
- Prioritizing your goals. Remember - If everything is important, then nothing is.
- Taking a pragmatic approach. Kevin mentions being reasonable several times in his article. Align your ISP goals with business goals and make sure they are feasible.