A risk assessment have to be implemented to establish vulnerabilities and threats, use policies for essential systems needs to be designed and all personnel security tasks have to be described The RSI security site breaks down the ways in a few detail, but the method in essence goes such as https://www.realprimenews.com/nathan-labs-expands-cyber-security-services-in-saudi-arabia