Identify the industry’s critical data infrastructure assets (i.e., network, telecom, utilities, applications, computers, and client data categories).

Identify human resources for technical, management, and legal operations.

Identify requisite law enforcement entities required for reporting breaches (i.e., local, state, and federal areas of compliance).  

Examine cybersecurity policies in relation to an organization’s alignment with laws, regulations, and standards.