This document discusses strategic planning for information security. It outlines the roles of key planning professionals such as the CIO and the CISO: the CIO translates strategic plans into security objectives, while the CISO plans tactical and operational security measures. Effective planning requires defining values, vision, and mission statements. Strategic plans should then guide tactical and operational planning across multiple levels. The document contrasts top-down and bottom-up approaches to implementing information security plans.