Policies and Procedures
An enterprise of any size must maintain information security policies and procedures to educate their employees in the proper ways of handling different situations that present risks. Having well documented policies and procedures is an essential component of an effective information security program within the enterprise. Comprehensive policies and procedures cover all areas where employees need to be given guidelines on security related questions and scenarios. Many laws also require that companies maintain a detailed set of policies and procedures. Notable examples are HIPAA, New York State Cybersecurity Regulations.