In the fifth part of our series on information security, we set out the final step for you to consider: What security measures will contribute to achieving the identified goal? These measures will broadly fall into three categories: paper (policies, procedures, and guidelines), people (roles, responsibilities, and practices), and tech (requirements and implementation).