Philosophy - Protection decisions are usually based on an organizational philosophy towards protection. Some organizations trust employees implicitly, while others distrust with the same vigor. Some organizations rely on secrecy for their livelihood, while others are vehemently opposed to keeping secrets of any kind. In some organizations, money is the driving force, while others have different goals. These are all examples of philosophical differences that will have an impact on protection.
Setting Policy - Once a philosphy is established, most organizations have a method of setting policy, either as a reaction to a particular event, or as a standard practice of doing business. Some policies require signed statements by all employees and guests, while others rely on informal discussions. Most organizations have safety policies to protect them from law suits.
Making Models - Models are used when the policy is not simple enough to be easily understood by all parties concerned. The models allow us to examine situations before, while, and after they come up, to see how the organization is designed to react, how it reacted, and to assure that future reactions are appropriate.
Implementing Protection - Protection is usually implemented with a combination of technical and procedural techniques that are designed to fulfill the policies of the organization. Implementation has a very strong interaction with modelling and maintenance.
Maintaining Protection - Ongoing operation of a protection system is by far the least understood part of the protection process. Many systems are simply too complex to properly operate over an extended period of time without enormous resources. The interaction between the operational aspects of protection and the models and implementation process is very strong, and in many cases, operational effecxts find themselves affecting the very philosophy of the organization.