
Strategic planning is important to any organization concerned with its information security
objectives. It is of crucial importance for an organization to establish and maintain a
strategic plan covering all of the safeguarding aspects that can mitigate the many security risks
it may face in the near future.
Identify and describe the topics to be included in strategic planning for information security.
There are three main concepts pertaining to a company's strategic planning, which can be seen
below:
Enterprise strategic planning
Establishing long-term goals and objectives for a company, government agency, or nonprofit
organization, as well as creating plans to attain these goals and objectives, is known as enterprise
strategic planning.
IT strategic planning
IT strategic planning is the process of integrating IT management and operations into overall
business strategy. It is necessary to move beyond IT management and make sure that the IT
planning process relates to corporate strategic planning in two strategic aspects: mission
relevance and organizational maturity.
Information security strategic planning
Information security management and operations are synchronized with business and IT strategic
planning through information security strategic planning. The widespread adoption and
importance of IT inside enterprises have led to a broader understanding of how IT can offer
value to the firm by reducing risk. Considering this, information security is a concern at all
levels of an organization's governance and decision-making processes, and information security
strategic planning is a crucial part of strategic planning.
Security threats associated with virtualization are given below:
VM sprawl - Virtual machines are created for specific workloads, and VM sprawl is the
uncontrolled spread of virtual machines that are abandoned after serving their purpose. Because
of this unchecked proliferation, sensitive information on the virtual machines can be
compromised, as it is not regularly managed or updated.
Malware attacks - Because of infected virtual machine images or users without proper training,
a virtual machine is susceptible to malware or virus attacks. If the virtual machine is
infected, the infection spreads to all the virtual infrastructure.
Network configuration - File sharing between virtual machines is allowed and unused firewall
ports are left open. This poor configuration opens up everything hackers need to gain access to
the virtual infrastructure. Without the latest security firmware, misconfiguration becomes a
security risk that includes physical servers.
Access controls - Through a user's account on the management platform or through physical
access to host servers, an attacker gains access to the virtual infrastructure, which causes
system damage.
Hypervisor security controls - The hypervisor is the platform that makes the virtual machines
run. Therefore, without proper security to mitigate the risk of attacks, the whole virtual
infrastructure can fail.
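As an added illustration (not part of the original text), the following Python example audits a constructed VM inventory for the VM sprawl and network configuration problems described above. The field names, sample records, and the 90-day and 60-day thresholds are assumptions, not values from any real platform or policy.

```python
from datetime import date

# Constructed inventory export; field names and values are hypothetical.
INVENTORY = [
    {"name": "build-agent-07", "owner": "ci-team", "last_used": date(2024, 5, 28),
     "last_patched": date(2024, 5, 20), "file_sharing": False,
     "open_ports": {22, 443}, "used_ports": {22, 443}},
    {"name": "poc-demo-2022", "owner": None, "last_used": date(2023, 1, 10),
     "last_patched": date(2022, 12, 1), "file_sharing": True,
     "open_ports": {22, 445, 3389}, "used_ports": set()},
    {"name": "hr-reports", "owner": "hr-it", "last_used": date(2024, 5, 30),
     "last_patched": date(2024, 1, 5), "file_sharing": False,
     "open_ports": {443, 8080}, "used_ports": {443}},
]

IDLE_DAYS = 90    # assumed policy: unused this long counts as abandoned
PATCH_DAYS = 60   # assumed policy: maximum age of the last update


def audit_vm(vm, today):
    """Return the list of findings for one inventory record."""
    findings = []
    if vm["owner"] is None:
        findings.append("no owner")
    if (today - vm["last_used"]).days > IDLE_DAYS:
        findings.append("abandoned")
    if (today - vm["last_patched"]).days > PATCH_DAYS:
        findings.append("not updated")
    if vm["file_sharing"]:
        findings.append("file sharing enabled")
    # Ports the firewall allows but no service on the VM actually uses.
    unused = sorted(vm["open_ports"] - vm["used_ports"])
    if unused:
        findings.append("unused open ports: " + ",".join(map(str, unused)))
    return findings


def audit(inventory, today):
    """Map VM name -> findings, omitting VMs with nothing to report."""
    report = {vm["name"]: audit_vm(vm, today) for vm in inventory}
    return {name: f for name, f in report.items() if f}


if __name__ == "__main__":
    for name, findings in audit(INVENTORY, date(2024, 6, 1)).items():
        print(f"{name}: {'; '.join(findings)}")
```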
How strategic planning can help to mitigate the security threats associated with virtualization:
Strategic planning can play a huge role in mitigating security threats that can arise from
virtualization. To mitigate these risks, the IT department should consider the various phases
needed for a successful IT strategic planning process, specifically for the risk mitigation of
security threats pertaining to virtualization. One of the steps would be to implement a long-term
business and technology outlook for the organization. This outlook should include the overall
mission and vision developed at the enterprise level. Secondly, a strategic deep dive should go
into effect. This will allow the IT team to identify the high-impact areas of virtualization that
require more in-depth analysis. This in-depth analysis gives rise to a strategic planning process.
Lastly, the enterprise executives should meet with the IT team to discuss the current state of all
IT-related systems and policies and assess them. This assessment allows the team to discuss and
change any out-of-compliance technology that is being used in the virtualization environment.