Developing a Strategy and Vision
Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or
Already have an account? Sign In »
Video Transcription
00:00
>> Welcome to Module 2.3: Developing a Strategy and Vision.
00:00
In this module, we will discuss developing a strategy,
00:00
developing a vision, and gaining approval.
00:00
When we're developing a privacy strategy,
00:00
it's incredibly important to ensure that
00:00
business alignment is something that
00:00
is considered with our strategy.
00:00
If our privacy strategy does not align with
00:00
our business strategy or overall organizational strategy,
00:00
it's going to be very difficult to have the roots of
00:00
your strategy really get in
00:00
bed embedded within your organization.
00:00
Finalize operational business case for privacy.
00:00
If you haven't created a business case
00:00
for why privacy exists we'll
00:00
discuss some of the elements of
00:00
that throughout this course,
00:00
however, it's important to make sure that you've proved
00:00
your case to key stakeholders or shareholders.
00:00
That privacy needs to be taken
00:00
seriously throughout your organization.
00:00
You identify stakeholders;
00:00
don't forget those external stakeholders,
00:00
leverage key functions, create
00:00
a process for interacting with the community,
00:00
and align and adjust the culture as needed.
00:00
As time goes on, culture certainly has to play
00:00
a role in how you manage
00:00
your program internally and externally.
00:00
We develop your privacy strategy,
00:00
we have to make sure you obtain funding.
00:00
Putting a program together not
00:00
only cost money in individuals,
00:00
but also at times insurance, software,
00:00
and other expenses related to ensuring that
00:00
your program is solid and can mature.
00:00
Development. Development statements on collection,
00:00
authorized use, access,
00:00
and destruction of information is important.
00:00
Privacy inquiry complaint handling is
00:00
something that also needs to be considered
00:00
within your strategy and program flexibility
00:00
due to external factors whether they are legislative,
00:00
regulatory, market or business
00:00
requirements that may change.
00:00
In creating a vision,
00:00
privacy vision should align
00:00
with the organizational objectives.
00:00
It should provide feedback to key stakeholders,
00:00
it should be short and succinct.
00:00
A few sentences at most,
00:00
maybe about 30 seconds to read.
00:00
So your audience understands
00:00
the overall vision of your program.
00:00
Now keep in mind the strategy is going o be
00:00
a much more detailed explanation
00:00
of what your program needs to accomplish.
00:00
The vision is something that not only
00:00
internal but also external stakeholders could see.
00:00
Here's an example of a vision statement
00:00
put out by the Stanford University Privacy Office.
00:00
You can see here, they
00:00
work to protect the privacy of the university,
00:00
employee, patient, and other confidential information.
00:00
Our office helps to ensure proper use and disclosure of
00:00
such information as well as foster
00:00
a culture that values privacy through awareness.
00:00
The Privacy Office provides
00:00
meaningful advice and guidance
00:00
on privacy best practices,
00:00
and expectations for the university community.
00:00
Now, you don't have to copy verbatim their vision.
00:00
You have to make sure of course it
00:00
aligns with your organization,
00:00
but you can see here that they covered a lot of the items
00:00
we discussed previously under creating a vision.
00:00
It's important to gain executive approval or
00:00
leadership approval for your strategy and vision.
00:00
The vision can and should it be approved
00:00
before an actual program is developed.
00:00
That is key. Vision can
00:00
be amended before the program is running.
00:00
It's okay to make changes as you
00:00
find out more throughout creating your program.
00:00
C-Level and Board of Directors should
00:00
provide written approval of the vision.
00:00
It's important to have the approval
00:00
so people know throughout your organization and
00:00
external that you are operating with
00:00
the authority necessary to create
00:00
the privacy program within your organization.
00:00
Evaluate the objective. Is the vision attainable?
00:00
What major obstacles exist?
00:00
Is funding acquired?
00:00
Does the vision reach all stakeholders?
00:00
We talk about funding here in bullet 3.
00:00
There could be some statements made or
00:00
some "promises" made within the statement
00:00
of the vision that may not necessarily align with
00:00
the strategy of the program or with the organization.
00:00
It's important to make sure we don't
00:00
overstate what is included in vision
00:00
because it could change the scope
00:00
or the budget requirements
00:00
of putting our program together.
00:00
Last, does the visual reach all stakeholders?
00:00
It's important to make sure we're
00:00
including those external stakeholders.
00:00
You noticed within the privacy statement provided by
00:00
the Stanford University that they reference patient,
00:00
so they must have a medical school
00:00
that is at Stanford University and at that,
00:00
that medical school is certainly
00:00
covered under that privacy vision.
00:00
They did a great job of understanding what functions and
00:00
all their stakeholders that are required to
00:00
reach that vision and to include in that vision.
00:00
Stakeholders and shareholders can come
00:00
in many different ways to an organization,
00:00
so it's important to make sure you have
00:00
an open discussion about all of
00:00
the stakeholders and shareholders potentially that are
00:00
required to be part of your privacy program development.
00:00
Quiz question. Before the privacy vision is announced,
00:00
it should be, one;
00:00
written in Times New Roman, two,
00:00
agreed upon by the committee,
00:00
or three, have executive approval?
00:00
Of course the answer is three, have executive approval.
00:00
It's important to make sure that you are
00:00
operating with the authority you need to,
00:00
to go out and preach about what
00:00
your program does and how you can help the organization.
00:00
In this module, we discussed
00:00
developing a privacy strategy and vision.
00:00
We also discussed the importance
00:00
of organizational structure and
00:00
approval for your program
00:00
as it relates to the strategy and vision.
Up Next
Instructed By
Similar Content
