Enterprise Cybersecurity Program
Step 10: Evaluate for Policy Improvements
The previous steps dealt with the element of practice in an enterprise cybersecurity program. In this step, turn your attention to policy. Using notes taken in earlier steps as well as the Defense Framework Enhancement Proposal and the Cybersecurity Framework Report, compile a list of the policies that will best support the cybersecurity framework.
As the CISO, you will be expected to consider both strategic foresight leadership and strategic alignment to core business functions when reviewing cybersecurity policies. Include potential policy improvements or solutions to missing elements for your financial services organization. Note the positive and negative aspects of each policy. The next step will build upon this work.
Strategic foresight leadership is what holds together every successful organization. The concept is used in the Department of Defense, Defense Industrial Base, and successful companies nationally and internationally, but is not commonly used or executed well across other federal agencies or many private sector communities.
Organizations gain an advantage when they rely on robust, sound, and mature strategic foresight management processes to understand upcoming external changes in relation to internal capabilities and drivers, recognize long-term threats and opportunities, and position the organization’s capital assets to address them (Nordmeyer, n.d.).
Strategic foresight leadership “maintains the alignment of an organization’s activities and resources with its vision, mission and strategy to improve financial and operating performance” and strategic advantage (Nordmeyer, n.d.). It provides a means to convert a strategic-foresight plan into a sound, mature framework that supplies feedback and tracking of foreseeable changes and behaviors, and allows the strategic-foresight plan to evolve as an organization’s operating environment, objectives, and operating requirements change (Cleland, 1996).
Strategic foresight flourishes if it motivates the organization to learn more effectively and to be more inventive in developing strategies and initiatives, and if it helps to pursue the organizational vision with more compelling results (Rainey, 2010).