It eliminates the need for technical controls.

It ensures all stakeholders are involved and expectations are clear.

It guarantees unlimited budget for cybersecurity.

It replaces the need for leadership support.

Because they provide technical expertise.

Because they can escalate issues and provide necessary resources.

Because they write the strategy document.

Because they are not involved in the strategy.

To ensure that only the IT department is responsible.

To clarify roles, responsibilities, and ensure support from all parties.

To avoid any form of documentation.

To make the strategy secretive.

Using a standard template and regular reviews.

Only updating it when issues arise.

Ignoring version control.

Keeping it confidential from peers.

Every day.

Only when a problem occurs.

Quarterly, half-yearly, or annually, depending on the cadence that suits.

Once every five years.

To make the document look professional.

To ensure consistency and facilitate version control.

To confuse stakeholders.

To avoid the need for updates.

The color of the strategy document.

The available budget and financial support.

The number of stakeholders involved.

The technical controls to be implemented.