It’s not uncommon for people to communicate without consistent terminologies or definitions and that shapes buzzwords.
What is a strategy? It depends on the context and who uses it. A typical organization structure can be broken down into three levels: senior management, middle management, and staff.
I would define a strategy as an approach or a high-level plan (or strategic plan), which is developed and implemented to fulfill long-term goals, vision, or mission. To evaluate if a strategy is achieved, objectives, key performance indicators (KPI), and metrics are developed and organized int to a hierarchy. e.g. the balanced scorecard is used in COBIT to evaluate the IT strategy.
When a CEO decides to take a “growth strategy”, he or she may acquire companies or go into a merger or joint ventures. “Growth” is an approach, high-level plan or strategy; there is no details or action plan yet.
It’s common for a senior manager or middle manager to make a decision by selecting one from the alternatives based on the cost/benefit analysis. The selected alternative can also be called a strategy.
Strategic Plan as a Blueprint
According to the Cambridge Dictionary, governance is the way that organizations or countries are managed at the highest level, and the systems for doing this.
The board of directors and senior management collectively are the authority at the highest level which manages an organization. They are accountable for the result of the organization. So, the governance level refers to the board of directors and senior management.
I would simplify the academic definition of governance and define governance as the “Management Practices of The Board and Senior Management.”
The following is my definition of management:
In the context of information security, we use this term “Assessment” all the time; say, Risk Assessment, Vulnerability Assessment, Security Assessment, and the like.
Some people use “analysis”, “evaluation”, and “assessment” interchangeably. However, they are not the same thing.
I won’t define “assessment” in this post. Instead, I’d like to invite you to contribute and share your idea or perspective with us!
I am looking forward to your feedback and thank you for your contribution!