1. Strategic alignment of information security with business strategy to support organizational objectives. 2. Risk management by executing appropriate measures to manage and mitigate risks and reduce potential impacts on information resources to an acceptable level. 3. Resource management by utilizing information security knowledge and infrastructure efficiently and effectively. 4. Performance measurement by measuring, monitoring and reporting information security governance metrics to ensure that organizational objectives are achieved. 5. Value delivery by optimizing information security investments in support of organizational objectives