Plan to develop controls for an entire IT environment

The CISO of a large hospital to write a plan to develop controls across the entire IT
Discuss in plan and include the following:
Business perspective for controls
The importance of controls
Effective control design principles
Information categorization and control
Implementation of the control plan

APA formatted
Use 2 peer-reviewed journal articles or more as sources