Probably the least liked aspect of security: how to manage security in practise. Proper considerations for the management of security must go deeper than "just encrypt it". Encryption is a protection mechanism that gives no guarantee that humans will adequately manage the data or the keys. As with everything in this repo, we shouldn't reinvent the wheel where good literature already exists. While literature can help to bridge a knowledge gap, it won't bridge the experience that's of a higher importance when it comes to operational security.
[Further work need here]
"Standards that are available to assist organizations with implementing the appropriate programs and controls to mitigate threats and vulnerabilities include the ISO/IEC 27000 family of standards, the ITIL framework, the COBIT framework, and O-ISM3 2.0" Source: Link.