The proactive and integrated approach begins with a baseline assessment to identify systems capabilities, strengths, and weaknesses. A perspective is then developed based on a sense of the strategic directions and priorities that drive the user communities in the organization. This information is used to build a security information architecture to aid in clearly understanding who needs what information and what exposures are associated with providing that information. It is also necessary to analyze the technology lifespan and project the organization's future information needs. A delivery strategy and master plan is developed based on sound management principles. The assessment of the security function and master plan and its objectives should be presented to all levels of management.