Saturday, 12 May 2012

Information Security – Strategic and Tactical

As part of my series of blogs on the CISSP, CISA and CISM certifications, I am taking a look at how these fit into the Information Security professional's world. A successful Information Security Management System (ISMS) is about having a clear vision and mission objectives (Strategic) and creating effective and efficient action plans to put that vision and those mission objectives into action (Tactical).
Strategic Planning
Strategic planning is about how to accomplish the long term goals and objectives of the organisation, typically over a period of 3-5 years. It is a macro-oriented approach with emphasis on the big picture for the organisation.
Tactical Planning
Tactical planning is about how to implement the policies and decisions from the strategic planning using a micro-oriented approach over a short time frame of 6 to 18 months.
ISMS Planning
For an ISMS to be successful, it must be aligned with the business goals. Strategic planning enables the ISMS to be developed taking into account the high level mission statements of the organisation along with its long term business plans. Tactical planning breaks each strategic goal into a series of incremental objectives, each with a delivery date in the short to medium term, with resourcing, budgets and personnel as the critical components at the tactical plan level. Operational planning is the short term task of implementing the tactical plans on a day to day basis.
Information Security Certifications
CISM
The CISM is a premium certification for the Information Security Manager and concentrates on the process of ensuring business goals are incorporated into an ISMS. Its domains are essential for the strategic planning of an ISMS.
CISSP
The CISSP is a premium certification for the Information Security professional, and the (ISC)2 common body of knowledge on which it is based is essential for the tactical planning of an ISMS.
CISA
The CISA is the premium certification for ISMS auditors and those who interact with auditors. The ISMS audit process ensures the implementation and operation of the ISMS complies with the standards, policies and controls the organisation has set itself.

ISMS Area / Certifications

Compliance
·         CISA
·         ISO 27001 Auditor/Lead Auditor
·         ISMS Auditor
·         GIAC Certifications

Strategic
·         CISM
·         GIAC Certifications

Tactical
·         CISSP
·         ISEB
·         GIAC Certifications

Operational
·         Non-vendor certifications
·         Vendor certifications