The University of SydneyPage 14PrioritisingDecisions–Identify a broad range of objectives for IS security–Objectives can be classified into fundamentaland means–Objectives should be context specific, so that they can be appropriately ranked