The organization detects which assets require protection and the risks that could jeopardize those assets in this Security Plan. Based on a formally documented process, this critical function determines the level of appropriate countermeasure required. An information security plan can help a company mitigate, transfer, accept, or avoid information risk associated with people, processes, and technologies. A well-defined strategy also assists the organization inadequately protecting the confidentiality, integrity, and accessibility of information. Furthermore, the security planning process should determine the likelihood of such occurrences and the impact on the organization if a loss occurs. These steps are critical for determining how to protect organizational assets best and must be carried out regularly.
