CHAPTER ONE

Cyber Strategy: The Strategy-Centric Approach

Cybersecurity is the mission-focused and risk-optimized management of information which maximizes confidentiality, integrity, and availability using a balanced mix of people, policy, and technology while perennially improving over time.

—Mansur Hasib, speaker, educator, career coach

INTRODUCTION

What exactly is a cyber strategy? Let's start by defining strategy. The word “strategy” is derived from the Greek word strategos, which is a combination of two words—stratia (meaning army) and ago (meaning to lead or move). Merriam-Webster defines “strategy” as “a careful plan or method for achieving a particular goal, usually over a long period,” or “the skill of making or carrying out plans to achieve a goal.”[1]

A strategy is a course of action taken by management to achieve one or more of the organization's objectives. We may alternatively define strategy as “a broad direction established for the organization and its many components to reach a desired condition in the future.”

A comprehensive strategic planning process yields a strategy. A strategy is all about integrating organizational operations and using and distributing corporate resources to fulfill current objectives. We do not build a plan in a vacuum; let's keep this in mind. Any action conducted by an organization is likely to elicit a response from those affected, whether they are competitors, customers, workers, or suppliers. We may also characterize strategy ...
