to act as criteria for strengthening and standardizing the risk management process of information security organizations. The framework can be used by nearly any company interested in bolstering ...