Security policy enforcement is the process of ensuring that the enterprise’s security policy is followed. Without awareness of employee activities, the actions required to enforce the corporate security policy cannot be taken. Technology is a component of enforcement, and technical controls are needed to support these processes. Enforcement must be consistent across users and departments, and the procedures that are to be followed need to be clearly defined. The enterprise can adopt one of two stances: Either all policy contraventions are treated equally, or offenses can be differentiated into more and less severe issues.”]
Source: https://www.darkreading.com/analytics/laying-down-the-law