Develop information security plans aligned with business goals and objectives. Identify current and potential legal and regulatory requirements affecting information security. Identify drivers affecting the company (e.g., technology, business environment, risk tolerance, geographic location) and their