Identifying what assets you have, what threats they face, and how much you’re willing to spend to protect them.
A user should only have the minimum level of access necessary to do their job. This limits the "blast radius" if an account is compromised. 5. The Aftermath: Incident Response Fundamentals of information systems security
The "law of the land" for an organization. This includes everything from password complexity to how a laptop should be stored. Identifying what assets you have, what threats they
Ensuring that systems and data are ready for use when needed. A secure system is useless if it’s crashed by a Denial-of-Service (DoS) attack. 2. The Human Element: Policy and People Identifying what assets you have