A risk evaluation has to be executed to detect vulnerabilities and threats, usage policies for significant technologies needs to be made and all personnel security tasks has to be outlined The RSI security web site breaks down the actions in some depth, but the method in essence goes such as https://www.thefinboard.com/nathan-labs-expands-cyber-security-services-in-saudi-arabia