December 23, 2021 by Admin
An information security program should be established PRIMARILY on the basis of:
- the approved information security strategy.
- the approved risk management approach.
- data security regulatory requirements.
- senior management input.