The plan defined by a company that sets the information security objectives and measures to mitigate risks, define control objectives, and establish metrics and benchmarks, while complying with legal, internal and contractual requirements.
DATA SOURCED FROM ESCO (EUROPEAN COMMISSION) & O*NET (U.S. DEPARTMENT OF LABOR)