Create an actionable plan including executive-level support and budget allocation to ensure security controls can be rapidly updated and expanded as the threat environment increases.
The actionable plan should include (but is not limited to):
Procedures to track performance
Procedures to monitor and measure performance for areas of improvement
Procedures to identify new threats, vulnerabilities, or any countermeasures
Procedures to obtain feedback on the effectiveness of policies
Procedures and technical tools to monitor the internal and external environment
Procedures for budget allocation
Procedures to catch any oversights