Register now or log in to join your professional community.
Hello Abdelmaied
My point of view is that a policy sets the guidelines for its purpose, it needs structure to have its purpose translated to real life. The structure would consist of:
- Procedures
- Understanding of threats, vulnerabilities and impact
- Control and reporting systems
- Continuous vigilance and training
- Desk top or real life threat exercises