The CIO sought an objective point of view on the current state information security (IS) program, including opportunities to improve compliance and overall alignment with IS leading practices. The results of the assessment would be used to enhance the future IS strategy in line with a broader initiative within the organization to “reset” IT.