The plan defined by a company which sets the information security objectives and measures to mitigate risks, define control objectives, establish metrics and benchmarks while complying with legal, internal and contractual requirements.
Data Source: Unified Global Standards (ISCED, ISCO, O*NET, ESCO)