Building a comprehensive Information Security plan requires a detailed understanding of the business and the related requirements. An Information Security plan should ensure that the business requirements are captured and the related risks and controls are addressed in the plan.The plan shall provide “Defense in Depth” for the information