Senior leadership in InfoSec functions needs to perform annual strategic planning covering budgets, staffing plans, project planning, etc. However, this activity should not take a considerable amount of time. Suggested timelines include one hundred and fifty (150) hours of aggregate effort.
Should strategic planning require more time, it has been observed that a re-org / redesign may be required. Such changes should focus on clarity with respect to roles & responsibilities, reporting structures, procurement / solution requirements, operational work streams, P&L, and vendor management. Furthermore, strategic planning activities should include both grassroots and top-down involvement.