The enforcement of an organizations IT security policies typically begins when the hard work of creating the policy and providing initial security awareness is done.  How an organizations implements compliance depends largely on their governance and management structure & policies.  

1.  How can an organization use monitoring to enforce security policies?

2. What legal implications maybe encountered when an organizations attempts to enforce their security policies?

3. What is the significant difference between automated and manual policy enforcement?

4. What are some “best” practices YOU recommend for enforcing an organizations security policies?