Any organization that wants to enhance security
should put in place a strategy for risk management that
is suitable for its environment (customers and
organization,), and contains the means to address the
risks in effective manner. A required strategy focuses on
security effort where it is necessary and enables a cost
and time effective approach