Operational Policy - This is likely one of the most important components of any cyber security system. The operational policy establishes the rules by which the organization will operate. Moreover, it is usually one of the first documents attorneys will pull after a breach. This is used as evidence showing the organization's awareness of cyber risks and the approach to cascade the guidelines throughout the organization. Common Policies include:
- Data Privacy
- Asset Protection
- Anti-malware
- Asset Classification
- Mobility