What is an operational strategy?

Direct Answer

The term “operational strategies” is a misnomer. It is an incorrect attempt to define how an organization executes its overarching strategic goals through day-to-day actions.

ComplianceForge wrote an excellent guide contrasting strategy, operations and tactics, emphasizing that:

  • Strategies set high-level direction and alignment with business goals (e.g., aiming for ISO 27001 certification).
  • Operations bridge strategy and execution by translating strategy into structured programs, capabilities, resource planning and processes to ensure goals are realized.
  • Tactics are the concrete actions executed within operations, such as performing daily Standardized Operating Procedures (SOPs) or executing an Incident Response Plan (IRP) to react to an incident.

For cybersecurity, operations include designing incident response workflows, defining risk assessment cadences, selecting tooling, staffing functions and integrating maturity models. They ensure strategy isn't a theoretical statement but a runnable program.