CHAPTER 5 Your Cybersecurity Program: A High‐Level Overview

When it comes to designing a cybersecurity program, what is the most important thing to know before you begin? You need to know where you are right now. If you don't know where you are, the first step you take may be over the cliff, so please don't do that. You haven't even finished the book yet!

For every business there is a vision, a mission, and one or more goals. This may seem trivial, but it is very important to put those down on paper. If it is your business, then you already know them. You may need to develop them a bit further, but in essence, you do know them, even if you think you don't.

Vision and Mission Statements

A mission statement is your company's raison d'être. It's as existential as it gets. It tells the world why you exist. A vision statement, on the other hand, is more directional than it is existential. One is who and why we are, the other is what we are. The website TopNonProfits.com has collected the top vision and mission statements for several nonprofits. I have taken a few and paired them up to show the difference between mission (top) and vision (bottom) statements:

ASPCA

  • Mission: To provide effective means for the prevention of cruelty to animals throughout the United States.
  • Vision: That the United States is a humane community in which all animals are treated with respect and kindness.

Cleveland Clinic

  • Mission: To provide better care of the sick, investigation into their problems, and ...
