Strategic management, one of the most important issues in information security governance, can be divided into strategy formulation and strategy execution.
As a CISO, you have to think strategically to develop the information security strategy and align it with the business goals and objectives and with the upper-level corporate or business strategy.
The mission/vision statement, BCG Matrix, SWOT analysis, Porter’s value chain, and five forces model are useful tools to review as you develop the strategy.
After the strategy is crafted, the PMI OPM (Organizational Project Management) strategy execution framework is an ideal one for implementing it. Other frameworks, such as COBIT or ITIL, are alternatives for strategy execution.