Strategy maps – security as business value
It is a somewhat stale statement that security should contribute to the business to enable new business initiatives. You might also say this by stating that security should be an enabler of the business, rather than a blocker. Yet this is easier said than done – it is hard to determine how security enables the business.
To map out how an activity contributes to the wider goal of an organization, especially in cases where conflicting activities and goals need to be balanced, a compromise created, or a new innovative solution found, businesses need to develop a strategy.
Strategy is a commonly misunderstood term. A strategy is not a plan. A strategy is what you need when you're dealing with a situation in which outcomes can be uncertain based on the actions of others. A good strategy considers scenarios and is grounded in a deep understanding of the drivers of business processes, value chains, and how attacks compromise...