What the fuck is my information security "strategy"?

Making it up so you don't have to

How it works

VERBS
prioritize
train
facilitate
measure
identify
protect
correlate
implement
change
influence
enforce
manage
embrace
enable
audit
remediate
develop
accelerate
deploy
eliminate
NOUNS
risk
executive support
business
data
identity and access management
culture
cyber
intelligence
ROI
compliance
PCI
SOX
heat maps
3-year
PII
SDLC
perimeter
SOA
virtualization
malware
How to sound like an information security expert:

Mix together words from both columns to form sentences that make simple things sound more complicated than they are.

Voila, a fancy sounding "strategy" that you can put in your presentations.

The moral of the story? Information security should be about understanding risks and making it harder for bad things to happen. Not using fancy words.
About | Inspired by this | Made by Nitesh Dhanjani and these thoughts are obviously his own