“A strategic plan is a long-term, fairly stable plan and defines the security purpose of the organization. It is aligned to the goals, mission, and objectives of the organization and helps to understand the security posture. Generally its period is five years, and it is maintained and updated annually. A strategic plan includes a risk assessment, and long-term goals and visions for the future are discussed here.
A tactical plan is ad hoc, based upon unpredicted events. It is a midterm plan developed to provide details on accomplishing the goals set forth in the strategic plan. It is useful for about a year and often prescribes and schedules the tasks necessary to accomplish organizational goals. Some examples of tactical plans are project plans, acquisition plans, hiring plans, budget plans, maintenance plans, support plans, and system development plans.
An operational plan is a short-term, highly detailed plan based on the strategic and tactical plans. It is valid or useful only for a short time and must be updated often (such as monthly or quarterly) to retain compliance with tactical plans. Operational plans spell out how to accomplish the various goals of the organization. They include resource allotments, budgetary requirements, staffing assignments, scheduling, and step-by-step or implementation procedures. Operational plans include details on how the implementation processes are in compliance with the organization’s security policy. Examples of operational plans are training plans, system deployment plans, and product design plans.”
Excerpt From: Mike Chapple. “(ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide.” iBooks.