A CISSP’s job is to reduce risk.

If you know the goals, objectives, and mission of the company, then it becomes easier to know what to protect from risk, and how to protect it.

CISSPs need senior management support.

Senior management teams are the ones setting the goals, objectives, and mission statement.

You might also need the authoritative approval to boss around a security administrator or a network engineer in order to put in risk mitigation controls.

It’s easier to make people do things if they know the boss is watching (that goes for everything else in life as well).

CISSPs need to learn how to align business goals, objectives, and mission with information security.

Mission

“I am an information security professional striving to improve the world by securing data and operations”

A mission is the final achievement. The culmination of the goals and objectives.

There is 1 mission, but many goals and objectives to achieve that mission.

It is a statement that is meant to encompass the overall value the company will add to society, its purpose of existence.

It’s what an organization is all about.

So what’s your mission?

Goals

“I will constantly keep learning and updating myself on the latest security topics, threats, and counter-measures to better serve customers”

You can’t measure goals.

You can have goals, and think you might have achieved them, but you can never really be 100%.

You can only be better than you were yesterday.

You use objectives to break down and measure the practical steps that must take place to achieve the goal.

Objectives

“I will pass the CISSP exam”

This can be measured, you either fail or pass. Simple as that.

Objectives can be measured, they can move in the direction of the goal.

Passing the CISSP exam is an objective to complete the overall goal.

They can be quantitatively assessed and analyzed.

They can be held against you.

How close are you to your objective?