An articulation of the scope and charter of the Information Security Program that includes for example such focus areas as reputation, corporate governance and regulation, corporate social responsibility and information assurance. The portfolio can change as necessary to remain consistent with the business agenda and to remain relevant and responsive to a changing threat landscape and evolving laws and regulations.