The guiding approach will provide overarching direction for all
stakeholders to base their decisions
General Security Approaches
Opportunistic – “minimal security footprint”
Relative Value – “perform equal or incrementally better than rivals”
Absolute Value – “do what creates the most value”
Compliance – “good compliance means good security”
Risk to Zero – “accept as little risk as possible”