Mission Statements, Goals, and Objectives

As a CISSP candidate, you must understand the differences and relationships between an organization’s mission statement, goals, and objectives. You should also know how these elements can affect the organization’s information security policies and program.

Mission (not-so-impossible)

Corny heading, yes, but there’s a good chance you’re humming the Mission Impossible theme song now — mission accomplished!

An organization’s mission statement expresses its reason for existence. A good mission statement is an easily understood, general-purpose statement that says what the organization is, what it does, and why it exists, doing what it does in the way that it has chosen. The mission statement is sometimes referred to as a company philosophy or a vision statement.

Goals and objectives

A goal is something (or many somethings) that an organization hopes to accomplish. A goal should be consistent with the organization’s mission statement or philosophy, and it should help define a vision for the organization. It should also whip people into a wild frenzy, running around their offices, waving their arms in the air, and yelling “GOOOAAALLL!” (Well, maybe only if they’re World Cup fans.)

An objective is a milestone or a specific result that is expected and, as such, helps an organization attain its goals and achieve its mission.

Organizations often use the terms goals and objectives interchangeably without distinction. Worse yet, some organizations refer to goals as long-term objectives, and objectives as short-term goals! For our purposes, an objective (short-term) supports a goal (intermediate-term), which supports a mission (long-term).