What are the three hierarchically related aspects of strategic planning and in which order should they be done?
What are the three hierarchically related aspects of strategic planning and in which order should they be done?
The correct order for the three hierarchically related aspects of strategic planning is: 1) Enterprise strategic planning, 2) Information technology strategic planning, and 3) Cybersecurity or information security strategic planning. Enterprise strategic planning sets the overall direction and goals for the organization. Information technology strategic planning then aligns IT goals and strategies with the enterprise strategy to ensure IT investments support the broader organizational objectives. Finally, cybersecurity or information security strategic planning integrates and aligns with both enterprise and IT strategies to ensure that security measures are effectively incorporated to protect the organization's assets.
Must be C, how can you develop a security plan when you don't know what you are protecting (the IT reference architecture)
This is the correct executive perspective. C is correct.
The correct answer is C. 1) Enterprise strategic planning, 2) Information technology strategic planning, 3) Cybersecurity or information security strategic planning.
Ref: NIST SP 800-39 Explanation: Enterprise Strategic Planning: According to NIST SP 800-39, enterprise-level strategic planning is the starting point where the organization’s overall risk management strategy is defined. Information Technology Strategic Planning: This strategic planning aligns IT goals with the enterprise strategy. The IT strategy supports and enables the overall business objectives. Cybersecurity or Information Security Strategic Planning: Information security strategy is developed in alignment with both enterprise and IT strategies. It ensures that security measures are integrated and support the broader organizational goals.