Critique organizational and security policies regarding businesses, personnel, and data. ,
Examples: acceptable use policy, job rotation, mandatory vacation, least privilege, non-disclosure agreement, third-party vendors and risk management, service level agreement, memorandum of understanding, measurement systems analysis, end of life, credentialing policies, change management, asset management
