A strategy is a high level plan or design for securing IT systems. The term strategy encompasses a logical or architectural vision. Broad-based security doctrines (such as Defense in Depth) inform strategic thinking.
In the author's system, the word strategy is used in contrast to the term tool. A strategy is wide ranging, and it can be implemented through various means. Tools are tactical in nature, and they represent point-level solutions. Ideally, the deployment of tools is orchestrated according to some larger strategy. In practice, however, this may not be the case!
See also ARTS, Beckstrom's Law.
References:
Nachtigal, S. (2009). E-business information systems security design paradigm and model. http://www.ma.rhul.ac.uk/static/techrep/2009/RHUL-MA-2009-16.pdf