You can:
- determine the right balance between the organisation’s cyber and information security capabilities, acceptable level of risk and speed of technology progress
- decide areas that need security investment
- create a security roadmap that enables the organisation to achieve its objectives