GOAL OR METRIC: Have a Global Strategy
RATIONALE: The volume and sophistication of threats is increasing exponentially, meaning there are much greater risk in every part of an IT infrastructure: Access, identities, data, remote devices, servers, data, and the list goes on. The most efficient organizations address security using a global approach, since threats are never limited to an organization's geography, markets, or industry. This often means dedicating IT staff to this task or, as is most often is the case, hiring a firm that specializes in this kind of thing.
POTENTIAL RESULTS: No disruptive security breaches means avoiding uncontrollable costs to fix the problem and nobody gets fired.
Security Strategy: Dell.com/secureworks
Management does not appear to give this much thought. They certainly bristle at the cost of 24 x 7 x 365 security monitoring even though hackers on the other side of the pond tend to try breaking in while most of us are asleep.