To develop a marketing strategy

To establish policies, standards, and practices

To hire more employees

To create a budget for security

Business continuity plans

Disaster recovery planning

Incident response planning

Employee training programs

Be properly disseminated and understood

Be ignored by employees

Be expensive to implement

Be written in legal jargon

De jure standards

Informal standards

De facto standards

Operational standards

To enforce laws

To conduct security audits

To draft all security policies

To manage policy effectiveness

Intrusion Detection System (IDS)

Proxy Server

Cache Server

Firewall

No personal items on desks

All documents to be shredded

Classified information to be stored securely

Employees to work from home