This approach is consistent with the governments strategic view of cyberspace that is articulated in strategies such as the doctrine of information security.
It provides a cost-effective technique to determine the status of information security controls, identify any weaknesses and, where necessary, define an improvement plan.