Conclusion
In conclusion, I have learned that setting up a company isn't easy and managing IT security issues within a company, there are lots of cost involve, which is quite hard to handle, because each of these key facts are equally important: policies, disaster recovery policies, updating security procedures and scheduling security audits, code of conduct, surveillance and monitoring policy, risk management and budget setting. However if you ignore just one them, you might be heading into a disaster, because without disaster recovery, you can't recover your company after there was a disaster and it has destroyed your company, you might recover it if you're rich enough, but for those smaller companies, they can't.