People, Process and Technology (PPT) are always referred as the foundation in the cybersecurity community.
Yes, they are. But without establishing formal organization policies to drive, many pitfalls will be envisaged
- Misalignment among business units
- Misinterpreted context of the policies
- Lack of management support for continuous improvement
- Insufficient skill set in the workforce
Therefore, a more precise model PPTP (People, Process, Technology, Policies) deems suitable. Without the last P, it’s like a chair with broken leg that will fall (fail).