Confidentiality, integrity, and accountability

Classification, integrity, and accountability

Confidentiality, identity, and accessibility

Confidentiality, integrity, and availability

Vulnerability

Threat

Risk

All 3

Identify, Protect, Detect, Respond, Recover

Identify, Prevent, Detect, Respond, Recover

Identify, Protect, Deflect, Respond, Recover

Identify, Protect, Detect, Respond, Return

That the layers of controls should combine different classes of technical and administrative controls with the range of control types

That the layers of controls should combine different classes of technical and physical controls with the range of control types

That the layers of controls should combine different classes of physical and administrative controls with the range of control types

That the layers of controls should combine different classes of technical, administrative and physical controls with the range of control types

For a critical business function to be secure, it may be necessary to ensure that no one person can perform that function

A basic principle of security stating that something should be allocated the minimum necessary rights, privileges, or information to perform its role

Enforcing a security role by separating it from the network or access by the rest of the network

Screening new employees through background checks, ensuring employees are set up with the correct privileges when they join or change job roles, and ensuring that privileges are revoked if the employee is fired or retires

Defines the scope of security needed by the organisation and discusses the assets that require protection and the extent to which security solutions should go to provide the necessary protection

Is a set sequence of necessary activities that performs a specific security task or function

Provides practical guidance on how an organisation can protect their systems and data from cyber threats

Defines a minimum level of security that every system throughout the organisation must meet

ISO 27001

NIST CSF

COBIT

ITIL