2025-04-05 - Venables - Security Programs - A Plan Is Not a Strategy

Security Programs - A Plan Is Not a Strategy - Readwise Highlights

Metadata

• Author: Phil Venables
• Full Title: Security Programs - A Plan Is Not a Strategy
• Category: articles
• Summary: A strategy defines how an organization aims to win in security, while a plan outlines specific actions to achieve that strategy. Effective security strategies should focus on risk transparency, reducing control costs, and improving productivity. It’s important to remember that planning is not the same as having a strategy; strategy is about a clear theory of success.
• URL: https://www.philvenables.com/post/security-programs-a-plan-is-not-a-strategy

Highlights

• a strategy specifies a competitive outcome you wish to achieve, based on a coherent theory of winning (View Highlight)
• A strategy is a short statement from which you can derive regular plans in different contexts. (View Highlight)