Security Strategy
Security Strategy is the long-term plan that defines how information security will achieve the organization's desired state and support its objectives. CISM expects the strategy to be driven by business goals, not technology for its own sake.