In a company, it is a good idea for information security to be the responsibility of people at a high level. Senior management must have an in-depth knowledge of cyber risks and threats. This awareness is the foundation for the following actions:
- Issuing policies
- Defining procedures
- Assigning roles and responsibilities
- Training personnel
- Implementing physical security measures to protect the technological infrastructure