The CISO Program Plan is a support document to the Cyber Security Strategy that explains how the direction set by the strategy will be met, that outlines how strategic objectives will be met, and that sets priorities for how the organization can efficiently and effectively address the management, control and protection of the public’s information assets over the immediate future (up to three years ahead).