As a CISSP candidate, understanding the differences and relationships between an organization’s mission statement, goals, and objectives is very important. You should know how these elements can affect the organization’s information security policies and program.
Corny heading, yes, but there’s a good chance you’re humming the Mission Impossible theme song now - mission accomplished!
An organization’s mission statement is its reason for existence. A good mission statement is an easily understood, general purpose statement that says what the organization is, what it does, and why it’s here, doing what it does in the way that it’s chosen. The mission statement is sometimes referred to as a company philosophy.
A goal is something (or many somethings) that an organization hopes to accomplish. A goal should be consistent with the organization’s mission statement or philosophy and it should help define a vision for the organization. It should also whip people into a wild frenzy, running around their offices, waving their arms in the air, and yelling “GOOOAAALLL!” (Well, maybe only if they’re World Cup fans.)
An objective is a milestone or a specific result that is expected and helps an organization attain its goals and achieve its mission.
Warning: Organizations often use the terms goals and objectives interchangeably without distinction. Worse yet, some organizations refer to goals as long-term objectives, and objectives as short-term goals! For our purposes, an objective (short-term) supports a goal (intermediate-term) which supports a mission (long-term).
Ethics help to describe what you should do in a given situation based on a set of principles or values. Ethical behavior is important to maintaining credibility as an information security professional and is a requirement for maintaining your CISSP certification. An organization often defines its core values (along with its mission statement) to help ensure that its employees understand what is acceptable and expected as they work to achieve the organization’s mission, goals, and objectives. See Chapter 12 for more on professional ethics.