You continue to do more with less budget and alert fatigue is setting in. With all the recent cyber attacks leadership wants affirmation that you have a written security policy addressing externalities associated with new privacy laws, continuous cyber posture improvement, and 3rd-party compliance checklists. However, cyber security risks are emerging from user actions that are are often outside the realm of technical controls . Security culture, policy, and risk management are the new protection tool. How do you prepare and how do you comply?