Sources of information about the business strategy could include existing strategy
documents, the corporate annual report, town-hall meetings, interviews with relevant
executives and the vision of common requirements of the enterprise architecture (EA).
Technology drivers are typically inherent in the IT strategy and EA. Examples that will
influence the cybersecurity strategy planning include:
Sources for information about the technology drivers also include the IT strategy
documents, EA documents and CIO town-hall meetings.
Competitive differentiation — CISOs must establish if the competitive differentiation
is based on price, service, quality leadership or a combination of these elements.
■
Market-share growth strategy.
■
Merger and acquisitions strategy targets that can be achieved via acquisition
(organic growth) or geographic expansion (vertical or product expansion).
■
Product strategy.
■
Brand protection and enhancement.
■
Legal and regulatory requirements.
■
The prevailing risk culture and risk appetite of the board of directors (BoD) and other
senior executives.
■
Cloud adoption strategy.
■
Data center consolidation.
■
Technology platform consolidation.
■
Edge computing.
■
Automation.
■
IT and cybersecurity operating model changes — for example, changes in
accountability, risk decision processes and outsourcing.
■
This research note is restricted to the personal use of chenlizhen@qianxin.com.