Program Elements
The program consists of five fundamental elements:
(3.1) Information security organization, roles & responsibilities;
(3.2) Defining information security standards and principles
(3.3) Identification and assessment of information assets and risks;
(3.4) Safeguards to mitigate identified risks;
(3.5) Continual evaluation and adjustment of the program.