LOGBOOK

HELP

Quiz Entry - updated: 2026.07.05

Can a business strategy-development method like Mintzberg's bridge be applied to IT/cyber security?

Yes — the same multi-perspective, strategy-then-tactics thinking transfers directly to security: you set a long-term security direction, then choose concrete defensive tactics to implement it.

These strategy frameworks — Porter's generic strategies, Mintzberg's bridge — carry straight over to cyber security. The same logic applies:

  • Look back — which past incidents and controls worked or failed?
  • Look from above / sideways — the threat landscape and what attackers (and peers) are doing.
  • Look from below — your own assets, weaknesses, and resources (an internal security SWOT).
  • Look forward / beyond — emerging threats and scenarios.
  • See implementation through — operate controls continuously, not once.

The takeaway: a cyber security strategy is a long-term direction for handling threats; the tactics are the specific technical and organizational measures that realize it.

Tip: Strategy and tactics aren't just business or military concepts — they're exactly how to reason about defending an organization: set the long-term security direction, then pick the tactics that implement it.

Go deeper:

  • doc NIST Cybersecurity Framework — a widely used framework that does exactly this: organises a security strategy into functions (Identify, Protect, Detect, Respond, Recover) you then implement with concrete controls.

From Quiz: INTROL / Strategy & Tactics in Cyber Security | Updated: Jul 05, 2026