Do you know the results of your current security posture? It directly ties into what you will need to be successful in keeping your company secure. Your goals should always be rooted in concrete and achievable results. Many times over the years I have worked in different committees in the corporate world and come up with great plans. Everyone worked together nicely and we were proud of our results, and at the end of the day, nothing changed. What went wrong?
There were no results. We did not come up with a way to implement the results necessary to bring the project into reality. We can talk about the results we are getting or maybe not getting.
What Are Results
So what is considered a goal that has results vs. a goal that is only planning and will not get any results? An example of a poor goal would be to increase sales over last year. That does not give any specific results that can be achieved. For one thing, a good way to get the results you need is to add a quantifiable number to them, such as achieving 17% growth in sales year over year. Another thing is that the goal needs to be specific to the result you are interested in. When you do this, you give your goals something that everyone can work toward.
Results can also be tied not to a number but to a specific personal goal, such as wanting fewer headaches playing referee between your direct reports. This can and should be a results-based goal that you can work toward. It does not always have to be a number. The important thing is whether you get the results and whether these results are tied to your corporate goals and objectives.
What Does Good Look Like?
So what does a good results-based goal look like in cybersecurity? Many of the concepts above may have been talked about in the past, but rarely do you see them applied to cybersecurity. So let’s look at a couple. First, you may be experiencing many cybersecurity attacks per year and you would like to reduce them. So your goal may be to reduce attacks by 50% in the next year. That is a good results-based goal: it has a time frame and a specific number, and it can be measured. Many times people look at their cybersecurity and say, "I don’t want to get hacked." That is a very weak goal and is not going to get you to a secure posture.
Another example is a non-quantifiable goal, such as when you are in the executive ranks. Your results-based goal could be to reduce the number of cybersecurity incidents you have to be directly involved in by 75%. This is again an achievable and results-based goal even though it does not necessarily have numbers attached to it. Or you could say, "I want to experience fewer cybersecurity-related problems within the next 2 quarters." This may seem more amorphous, but it is still rooted in results, and that is the key. Keep your eye on the goals and their results, and you will be safer and more secure. Finally, keep in mind that a good trusted advisor can help with these types of goals. The objectivity of a trusted advisor can be the extra push you need to get these into place.