Hi. CyberSecurity will either get enforced by the Government (which has no idea what information security consists of), or people who come with an initiative and a research facility which will show Proof of Concept to the government and to any Organization what Operational and Physical Security consist of. Cyber Terrorism, Cyber Theft and Cyber Defense should be the first to be included in such policies, Training and and Awareness is another issue. Then compliance can be effective which should be followed up with Security test and Audit. First Kenyan Security Forum = http://lists.my.co.ke/pipermail/security/ ./Chuks -- -- Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P I.T Security Analyst and Penetration Tester [email protected] {FORUM}http://lists.my.co.ke/pipermail/security/ http://nspkenya.blogspot.com/ http://chuksjonia.blogspot.com/ http://www.kamongo.co.ke/