Strategy is a method or plan chosen to bring about a desired future, such as achievement of a goal or solution to a problem.

Strategic Planning

Strategic Planning is an organization’s process of defining its strategy, or direction, and making decisions on allocating its resources to pursue this strategy, including its capital and people.

Strategy Definition

A good strategy provides a clear roadmap, consisting of a set of guiding principles or rules that define the actions people in the business should take (and not take) and the things they should prioritize (and not prioritize) to achieve desired goals.

SWOT Analysis

SWOT analysis is a strategic planning technique used to help a person or organization identify the Strengths, Weaknesses, Opportunities, and Threats related to business competition or project planning.[1] It is intended to specify the objectives of the business venture or project and identify the internal and external factors that are favorable and unfavorable to achieving those objectives.

Strengths and Weakness are frequently internally-related, while Opportunities and Threats commonly focus on environmental placement.

  1.  Strengths: characteristics of the business or project that give it an advantage over others
  2.  Weaknesses: characteristics of the business that place the business or project at a disadvantage relative to others
  3.  Opportunities: elements in the environment that the business or project could exploit to its advantage
  4. Threats: elements in the environment that could cause trouble for the business or project

Developing Strategy and Turning It into Action

1. Create a vision for the strategy
The vision should set out what the organization wants to achieve with the implementation of the strategy. It could also refer to how the vision of the strategy links to the mission and vision of the organization. The vision should be short and easy to understand and communicate. It should motivate the stakeholders involved, and should be a view shared by everyone involved in implementing the strategy.

2. Set strategic goals
Once the organization has identified its strategy, it must identify its strategic goals. Strategic goals are the key goals the organization must achieve its vision. These are high-level descriptions of the actions that the organization will take to address the risks it is exposed to. These goals will close the gap between the current state the organization finds itself in, and its desired state. Once these goals have been achieved, the organization will be in a better position to move forward.

After the strategic goals have been identified, they must be prioritized, as the organization will likely not have the time and resources available to achieve all goals. The aim is to identify the goals that are nonnegotiable and that must be achieved for the organization to remain resilient in the face of an attack.

3. Set objectives
Once the most important strategic goals have been identified, objectives should be set for each goal. The objectives are the specific items that must be accomplished to achieve the overarching strategic goals. For example, if one of the strategic goals of an organization is to protect its systems using technology, an objective could be to implement an intrusion detection tool.

4. Create action plans and set milestones
Each objective can then be developed into an action plan, with a specific person allocated responsibility for each task. The action plan should include milestones that state when certain actions should be accomplished. Referring to the example used before, milestones for the implementation of an intrusion detection tool could include the acquisition date, installation date, testing date, and date on which it will be fully operational.

5. Use metrics to measure progress
Metrics are used to measure whether goals and objectives have been achieved successfully. It provides management with the information necessary to make decisions, and aids in holding stakeholders accountable. Metrics can range from impact measures (such as return on investment), to effectiveness and efficiency measures (such as the number of system-level controls that are implemented). It is important that the metrics used by the organization are specific to the nature of its goals and objectives.

6. Make improvements
Management should regularly check on the progress made on the achievement of objectives, as there is no purpose in compiling a strategy if it is not implemented. Mechanisms should be in place to improve metrics that are not being met. This might require updates to the action plans, or the allocation of more resources to meet the objectives. Regular feedback should be given to relevant stakeholders on the progress made. Lastly, the risk mitigation strategy should be reviewed and updated on a regular basis to ensure that it remains current and relevant to the organization’s operations.

Challenges when implementing a Strategy

Depending on the requirements of an organization’s strategy, leaders may face several pitfalls during implementation. Management should be aware of the challenges associated with implementation, including the following:

  • Compliance: Ensure that the strategy complies with the legal and regulatory requirements of the country in which the organization operates. It’s important to keep in mind, however, that laws and regulations change, particularly as the business landscape evolves. The strategy should change accordingly, if necessary.
  • Collaboration: Collaboration between different departments within an organization is often required when implementing a strategy. Roles and responsibilities must be allocated to each task, and a common methodology should be established. The completion of tasks across departments should be tracked, especially if one department’s tasks are dependent on the completion of another department’s tasks. The interdepartmental nature of an enterprise wide strategy might also result in tension between the different managers when it comes to the allocation of resources and the timeframes allocated to tasks. Keep in mind the leadership and governance structures provide principles on ensuring the holistic integration of a company’s culture.
  • Allocating financial resources: It might be difficult to obtain the necessary financial resources to implement the plan successfully, as there are usually competing needs within an organization.
  • Allocating human resources:  The implementation of some of the goals included in the strategy might require skills and expertise that the organization does not have. This will require the recruitment of additional human resources, which will have operational and financial implications.
  • Appropriate metrics: There might be differences in opinion as to which metrics should be used to measure the successful implementation of the plan.
  • Adaptability:  The business landscape is constantly changing, and new threats regularly arise. Therefore, strategies should be agile and reviewed on a regular basis, as some of the strategic goals might have to be updated.

Due to the complexities involved in the implementation of an enterprise wide strategy, an organization should appoint a leader who is responsible for the development and implementation of the strategy. This person should have the necessary skills and expertise to address the challenges that arise, and should have the authority to ensure that the strategy becomes a practical reality instead of just a paper exercise.