Strategy vs Operations vs Tactics

Cybersecurity is a cost center, not a revenue-generating business function. That means cybersecurity competes with all other departments for budget, and it necessitates a compelling business case to justify needed technology and staffing. Business leaders are getting smarter on the topic of cybersecurity, so cybersecurity leadership needs to rise above the Fear, Uncertainty & Doubt (FUD) mentality and deliver value that is commensurate with the needs of the business. To present cybersecurity in the best light possible, it requires business planning and with that comes a need to understand the components involved in planning.

Cybersecurity Business Planning Requires Stratgy, Operations and Tactics

Having a hierarchical business plan is a logical step to operationalize the business’ requirements. Understanding the hierarchy of business planning documentation can lead to well-informed risk decisions, which influences technology purchases, staffing resources, and management involvement. This is your opportunity to step up by designing and implementing a cohesive cybersecurity strategy that will be an asset to your company and enable you to be the cybersecurity leader that your organization needs you to be.

Some of the most-abused business planning statements are strategy, operations, and tactics. While these terms are used by organizations across the globe, the terms have their origins in military planning where the terms have very unique scopes that are important to understand. Hierarchically, tactics support operations and operations support strategy.

STRATEGY > OPERATIONS > TACTICS

The definitions of “strategy vs operations vs tactics” primarily comes down to doctrine. The concepts of strategy, operations and tactics are directly rooted in military planning. The US Army’s formalization of this doctrine occurred in the 1982 release of Field Manual (FM) 100-5 as a way to formalize a logical approach to describe the “levels of war” that span from the generals in charge, all the way to the lowly private in the trenches.

There is overlap between strategic, operational and tactical levels, so there is no clear demarcation that can be uniformly applied to all organizations. The actions of individual contributors at the tactical level stack up to support broader operational goals, which in turn are designed to support a strategy that is aligned with the company’s success. As it applies to the private sector:

  • Strategic - At the strategic level, an organization employs available resources to secure its business goals & objectives (e.g., corporate business plan).
  • Operational - At the operational level, an organization uses available resources to attain those strategic goals & objectives within a specific Line of Business (LOB).
  • Tactical - At a tactical level, departments/teams employ techniques/procedures to support operational objectives, as defined by the LOB.
Cybersecurity Strategy vs Operations vs Tactics

You can read more about this at: https://complianceforge.com/free-guides/strategy-vs-operations-vs-tactics