Strategy: If You Don't Know Where You're Going, You'll Never Get There

Thursday, April 12 | 1:00PM–2:00PM ET | Watertable Ballroom AB, Fifth Floor
Session Type: Breakout Session
Delivery Format: Interactive Presentation
Mission, combined with vision and strategy, is the most important tool in leading a decentralized security program. Many struggle to create and explain an information security strategy because it is different from business or IT strategy. Traditional SWOT doesn't fit security well; a threat and constraints analysis framework works better. Layering a strategic philosophy over a matrix based on the NIST CSF creates a framework for understanding the value of security investments and a way to communicate to senior leaders. A security strategy provides alignment across decentralized organizations.

Outcomes: Explore what a cybersecurity strategy is and how it differs from business and IT strategy * Learn how to create a cybersecurity strategy for your college or university * Learn how to leverage a security strategy to run a security program in a distributed IT and educational environment


  • Don Welch

    CIO, New York University

Resources & Downloads

  • SPC Cyber Security Strategy

    9 MB, pptx - Updated on 10/25/2018