If you spend enough time outside in bad weather, you learn storms have shapes. Small storms - squalls - can float right by you and not put a drop of rain on your head.
Part of navigating a boat is going around storms - no need to get wet unnecessarily. That's the role of the captain.
Creating the plan. Navigating the storms - and ending up at the destination.
In business, there's also a plan. But unlike a boat with a rudder and propulsion, there isn't a mechanical way to translate the plan into action.
In business, we use policies.
Policies are equal parts of what we will do and what we won't.
They're a communication tool.
Of all the infinite possibilities, here are the lines our business will work within.
Lines to work within… not a list of exact steps.
They're way markers.
In cybersecurity policies…
- Do apply software patches within 14 days.
- Don't share passwords and logins between people.
“How are we going to achieve this?” is of no concern.
But remember, policies need wiggle room for creativity - to complete the plan and reach the destination.