Subchapter ITP.1.3 Information Security ITP.1.3.010 Responsibilities ITP.1.3.020 Risk Assessment ITP.1.3.030 Strategy ITP.1.3.040 Controls Implementation ITP.1.3.050 Security testing ITP.1.3.060 Monitoring and updating ITP.1.3.070 Reporting ITP.1.3.080 Incident response program