The People part of the equation is all about establishing a cultural framework that focuses on security at board level. It requires communication up and down the organisation, as well as ongoing education and training.
Process is about rules, regulations, and oversight.The board has a responsibility to ensure that the business focuses on appropriate risks. But it is also important to combine autonomy and flexibility to get work done while at same time addressing cyber risk.
Technology involves putting systems in place to automate processes and make them smarter and more effective. Technology helps to enforce the rules and procedures and detect threats.