PPT stands for People, Policy, & Technology. The security process is a mixture of these three elements. Each element depends in some manner on the other elements. Also, issues receive greater coverage when the elements are combined. The controls environment is greatly enhanced when these three elements work in concert. A simple drawing will suffice to illustrate this. This drawing shows the basic elements and also coverage areas.
As you move toward the union of these elements, the controls environment increases there is greater coverage. Let's understand these three elements individually.
People: This core element is the most important. The people element comprises the people and various roles and responsibilities within the organization. These are the people that are put in place to execute and support the process. A few key roles include senior management, security administrators, system and IT administrators, end users, and auditors.
Policy: This element comprises the security vision statement, security policy and standards, and the control documentation. This is basically the written security environment the bible that the security process will refer to for direction and guidance.
Technology: This element includes tools, methods, and mechanisms in place to support the process. These are core technologies the systems, the databases, the applications, the security tools embraced by the organization. The technology then is the enforcement, monitoring, and operational tool that will facilitate the process.
