Strategic Planning
In this assignment, students will apply all concepts learned throughout the course. Students will clearly communicate their understanding of what is required to secure an organization’s most critical assets.

In a 750- to 1000-word paper, describe the main components of a 1- to 3-year strategic plan you would present to your organization’s senior leadership for consideration and implementation.

You may choose to do this for a federal agency or an organization from the private sector.

Make sure to address the following:

1. Name five critical policies you feel the organization should have and why they are important

2. Name five critical risks most organizations face and how they can be addressed

3. What framework or certification process would you recommend the organization implement and why?

4. Indicate time, resources, and technology that may be required as part of the implementation process

Make sure to reference academic or NIST official publications (most current year available via the Internet) or other relevant sources published within the last 5 years.

Prepare this assignment according to the guidelines found in the APA Style Guide, located in the Student Success Center.

This assignment uses a rubric. Please review the rubric prior to beginning the assignment to become familiar with the expectations for successful completion.

Strategic planning refers to the process of forming a strategy and planning or deciding on how an organization can allocate resources regarding the strategy. Examples of a strategic plan include objectives and goals that the organization is planning to achieve after a certain set period. The strategic planning process requires an organization to set goals, analyze them, form a strategy, implement the strategy then monitor the strategy closely to see if it’s working. If not, the organization needs to restart the strategic planning process for better results.
Policies in an organization are formulated to address specific concerns such as advisory concerns, informative and regulatory concerns (David, 2019). In the advisory, policies ensure that all the employees have an idea of the consequences of certain behavior. For example, organizations have policies on how the internet should be used and if violated then some consequences follow. In informative, the policy is designed to inform the employees and customers. For example, in some business organizations, some goods cannot be returned once a customer buys.
In regulatory concern, the policy ensures that the standards of the organization are at per with the laws. Organizations that use this policy are the ones that deal with the health and the federal government. These policies are documented in a high-level manner by the organization to guide it through strategic planning and management. They are formulated by the management and are meant to define, specify and detail the employees’ expectations regarding meeting the needs of customers. It also gives a clear guideline on how the management intends to meet everyone’s needs.
There are critical policies that an organization should have. These are a security policy, disaster recovery policy, marketing policy, financial policy and a general policy (Nickols, 2016). An organization needs to have a security policy to dictate how the management is committed to the operation, use and the general security of the systems and assets. The disaster recovery policy is a plan that helps an organization respond to unexpected incidents related to IT infrastructure for example, the networks, software, and hardware. This policy helps in planning the overview and the main goals of the plan.
The marketing policy assists the organization in giving a constant guide in the process of planning which ensures that each strategy is in line with ethical objectives (Hillier, 2016). The financing policy is choices, decisions or regulations that relate to the organization’s financial system. For example, the lending system, payment system, and borrowing system. This policy is formulated to promote market efficiency, financial stability and enhancing the organization’s value for its stakeholders. The general policy of an organization involves all the principles shared with stakeholders. Policies help in managing the legal risks to an organization.
Many organizations face critical risks such as security risk, marketing risk, liability risk, change management and competitive risk (Simons, 2016). Security risk, the organization needs to identify security threats and vulnerabilities then come up with a plan to reduce the risks. The market risk is when an organization puts out a product in the market and even does a promotion. There is a risk of the product not selling and the organization having to spend so much resulting in a loss. This can be avoided by creating a well-calculated strategic plan that covers market risk management.
A liability risk is a vulnerability that is responsible for an organization’s loss. For example, when there is a fire and the devices get burnt. This kind of risk makes the organization to incur a loss. Liability risk can be avoided by forming a strategic plan that covers liability risk management. Change management is a risk that occurs when an organization reorganizes its departments. There is a risk of employees not resisting the change. To avoid this risk, employees should be involved in strategic planning. Competitive risk is when competitors prevent an organization from achieving its goal. This happens when an organization takes the conservative approach which can be avoided.
An organization should implement the cybersecurity framework. The framework provides a well-structured methodology for cybersecurity management (Shen, 2014). All activities entailed in a cybersecurity program are incorporated in the framework that meets the needs of the organization. The framework complements the risk management program and cybersecurity program of the organization. Creating a framework provides the organization an opportunity to identify and rectify or strengthen areas that need it.
A strategic plan should be implemented at the beginning of the year or a term. A meeting should be held when all the members of the organization are present. This comprises of staff to managers. the meeting is meant to open the functioning of the plan. In strategy implementation, both financial and non-financial resources are either available or lacking but required (Formentini, 2019). Resources required are such as finances and time. Again, the internet will be required during the implementation of a strategic plan. this helps in updating the policies of the organization for the use of customers.
Generally, for an effective strategic planning, an organization needs to come up with a list of critical risks that it can be vulnerable to, come up with policies that will help in managing the legal risks and a framework that best works to suit the organization’s needs. During the implementation of a strategic plan, resources such as money and time are required. No plan can be executed without money to cater for the expenses. The organization also requires technology for efficient implementation. The internet will ensure that policies and regulations are well communicated.

Bryson, J. and George, B., 2020. Strategic management in public administration. In Oxford Research Encyclopedia of Politics.
Nickols, F. (2016). Strategy, strategic management, strategic planning, and strategic thinking. Management Journal, 1(1), 4-7.
David, F. R., & David, F. R. (2019). Strategic management: A competitive advantage approach, concepts, and cases. Pearson.
Albrechts, L., Balducci, A., & Hillier, J. (Eds.). (2016). Situated practices of strategic planning: An international perspective. Routledge.
Simons, R. (2016). Strategy Execution Module 13: Identifying Strategic Risk.
Shen, L. (2014). The NIST cybersecurity framework: Overview and potential impacts. SciTech Lawyer, 10(4), 16.
Shahul Hameed, N.S., Salamzadeh, Y., Abdul Rahim, N.F. and Salamzadeh, A., 2022. The impact of business process reengineering on organizational performance during the coronavirus pandemic: moderating role of strategic thinking. Foresight, 24(5), pp.637-655.
Formentini, M., Ellram, L. M., Boem, M., & Da Re, G. (2019). Finding true north: Design and implementation of a strategic sourcing framework. Industrial Marketing Management, 77, 182-197.
Opatha, H.H.D.N.P., 2023. In Search of Meaning and Content of Strategic Human Resource Management for Teaching and Learning Purpose. Sri Lankan Journal of Human Resource Management, 13(1).