CHAPTER 12 Privacy-Centric Cybersecurity Program Overview

There was this absolutely horrible moment where I realized there was absolutely nothing at all that I could do.

—Amy Pascal, former CEO of Sony Pictures

When it comes to designing a cybersecurity program—privacy-first or otherwise—what is the most important thing to know before you take the first step? You need to know where you are right now.

The probability that you're designing a cybersecurity program from scratch should be low. I would certainly hope that you have something in place, ideally something robust enough that we can take and mold into a privacy-first cybersecurity program.

Be that as it may, hope alone will not suffice! We'll still need to “do the do” and look at the program (existing or not) anew.

We will start by answering a few rather existential questions:

What's the Point of It All?

For every business there is a vision, a mission, and one or more goals. This may seem trivial, but it is very important to put those down on paper. If it is your business, then you already know them. This will be our starting point.

Vision and Mission Statements

A mission statement is your company's raison d'être. It's as existential as it gets. It tells the world why you exist. A vision statement, on the other hand, is more directional than it is existential. One is who and why we are; the other is what we are.

The website TopNonProfits.com has collected the top vision and mission statements for several nonprofits. ...
