Watch this video on YouTube
How should an information security manager prioritize control objectives to ensure alignment with organizational risk appetite and strategic goals?