Use this tool to formally identify business goals, customer and compliance obligations, and make explicit links to how security initiatives propose to support these business interests.
Then define the scope and boundaries for the security strategy, and the risk tolerance definitions that will guide future security risk decisions.
Use this tool in conjunction with the project blueprint, Build an Information Security Strategy.