Your procedures don't just outline what methods to soak up the event of the security breach, they also define who does what and when. Restrict login makes an attempt: restricting the amount of moments a user is ready https://cybersecarmor.com/cybersecurity/5-types-of-password-attacks/