TIM-8365

Cram, W. A., Proudfoot, J. G., & D’Arcy, J. (2020). Maximizing employee compliance with cybersecurity policies. MIS Quarterly Executive, 19(3), 183–198.
Although IT administrators are fully aware that written policies are essential for preventing insider cybersecurity threats, they frequently struggle to ensure that enough staff is following the rules. This article examines which compliance promotion techniques work and don't work and offers practical suggestions for increasing employee compliance.

The National Institute of Standards and Technology. (2022, November). Using business impact analysis to inform risk prioritization and response.
Read Section 2: Cataloging and Categorizing Assets Based on Enterprise Value.
This section applies a structured approach to cybersecurity risk management through the integration of the BIA process.