PPT, PPTP
People, Process and Technology (PPT) are always referred as the foundation in the cybersecurity community.
Yes, they are. But without establishing formal organization policies to drive, many pitfalls will be envisaged
Misalignment among business units
Misinterpreted context of the policies
Lack of management support for continuous improvement
Insufficient skill set in the workforce
Therefore, a more precise model PPTP (People, Process, Technology, Policies) deems suitable. Without the last P, it's like a chair with broken leg that will fall (fail)....