What term is used to describe the provision of rules intended to protect the information assets of an organization?
What term is used to describe the control measure that reduces security incidents among members of the organization by familiarizing them with relevant policies and practices in an ongoing manner?