Strategy Management
Control & DirectionStrategy Management is the core of Security Direction. It provides a structured workspace for creating multi-year security strategies, tracking their progress through a defined lifecycle, linking them to your Security Charter, and managing budgets and approvals. Each strategy supports versioning, cloning, and a rich detail view with eight dedicated tabs.
Strategies integrate with Security Charter (alignment), Steering Committee (approval authority), Objectives & Outcomes (cascading goals), Execution Tracking (execution), and Workflows (approval processes).
Strategy list
Navigate to Security Direction → Strategy to view all strategies. The list view displays strategies in an editable table with search, filtering, and pagination. Use the filter bar to narrow results by status, category, or needs approval flags.
The Strategy Stats Bar at the top of the page provides a summary of strategy counts by status, giving you a quick read on how many strategies are in Draft, Active, Archived, or Retired state.
Creating a strategy
Open the creation form
Click New Strategy from the strategy list page. This opens the strategy creation form.
Fill in core details
Provide the following fields:
- Name — A descriptive title for the strategy (e.g., “FY2026 Enterprise Security Strategy”).
- Description — A summary of the strategy’s scope and intent.
- Period — The time period the strategy covers (e.g., “FY2026-FY2028”).
- Category — A classification for grouping strategies.
- Domain — The security domain this strategy addresses.
- Owner — The person accountable for the strategy.
Set dates and review cadence
Configure the Start Date and End Date to define the strategy’s active window. Select a Review Frequency to establish how often the strategy should be revisited (e.g., quarterly, annually). SecureHive tracks the next review date automatically based on this cadence.
Define objectives
Use the objectives editor to add strategic objectives inline. Each objective captures a name, description, priority, status, and target date. You can add objectives now or manage them later from the Objectives tab.
Set budget
Enter the Budgeted Amount and select the Budget Currency (defaults to USD). Budget tracking allows you to compare planned spend against actual spend from the strategy detail view.
Save
Click Save to create the strategy in Draft status.
Strategy detail page
Each strategy has a detail page with eight tabs that organize all related information.
| Tab | Purpose |
|---|---|
| Overview | Displays the strategy owner, start/end dates, charter link, budget and resources summary, and committee approval status. Link or unlink a Security Charter from this tab. |
| Objectives | Manage strategic objectives with inline editing. Add, edit, or delete objectives. Each objective has a name, description, priority, status, and target date. |
| Goals | View and manage linked CISO Goals. Link or unlink goals using the dialog. Supports inline editing of goal details. |
| Projects | View and manage linked projects for execution tracking. Link or unlink projects using the dialog. |
| Workflow Configuration | Override the tenant-default approval workflow for this specific strategy. View available STRATEGY workflows and configure instance-level role mappings. |
| Approvals | View the current workflow status, take approval actions, and review Steering Committee approval history. |
| Alignment | Side-by-side comparison of charter objectives against strategy objectives. Shows counts of linked policies, controls, and risks. |
| Activity History | A chronological log of all changes and actions taken on the strategy. |
Status lifecycle
Strategies follow a defined lifecycle with four statuses. Transitions are controlled through explicit actions on the detail page.
| Status | Description | Available actions |
|---|---|---|
| Draft | Initial state for new or cloned strategies. The strategy is being authored and is not yet active. | Edit, Submit for Approval, Activate, Delete |
| Active | The strategy has been approved and is the current operating plan. Only one version of a strategy should typically be active at a time. | Edit, Archive, Retire, Clone |
| Archived | The strategy is no longer active but is preserved for historical reference. | Activate (to restore), Delete |
| Retired | The strategy has been permanently retired and replaced by a newer version. | Delete |
Deleting a strategy is permanent. Consider archiving or retiring strategies to preserve the historical record for audit and compliance purposes.
Versioning
Each strategy has a Version field (defaults to “1.0”) and an optional Parent Strategy reference. When you need to revise an active strategy, clone it to create a new version linked to the original. This preserves the full history of how your security direction has evolved.
The parent strategy reference connects versions together, allowing you to trace the lineage of a strategy from its initial creation through subsequent revisions.
Cloning a strategy
Click Clone on an existing strategy to create a copy. The cloned strategy inherits the original’s objectives, linked goals, and configuration but starts in Draft status with an incremented version number. Use cloning to prepare the next iteration of a strategy without modifying the active version.
Budget tracking
Each strategy tracks a Budgeted Amount and Actual Spend in a specified currency. The Overview tab displays budget utilization so you can monitor whether execution is tracking to plan. Budget data is visible alongside progress percentage, objectives completed, and objectives total for a holistic view of strategy health.
Charter linking
From the Overview tab, you can link a strategy to a Security Charter. This connection establishes formal alignment between your strategic plan and the charter’s mandate. The Alignment tab provides a side-by-side view of charter objectives and strategy objectives to verify coverage.
Actions reference
| Action | Description |
|---|---|
| New Strategy | Create a new strategy in Draft status |
| View | Open the strategy detail page |
| Edit | Modify strategy fields and configuration |
| Activate | Move the strategy to Active status |
| Archive | Move the strategy to Archived status |
| Retire | Move the strategy to Retired status |
| Submit for Approval | Route the strategy through the configured approval workflow |
| Approve | Record an approval decision (available to workflow participants) |
| Clone | Create a copy of the strategy as a new Draft version |
| Delete | Permanently remove the strategy |
Permissions
Managing strategies requires the strategy:manage permission. Users with this permission can create, edit, activate, archive, retire, clone, and delete strategies. Users without this permission can view strategy details but cannot make changes. Approval actions are governed by the configured workflow role mappings.