To establish a framework for financial reporting

To offer a detailed technical guide for software development

To outline the principles of project management

To provide a common basis for developing organizational security standards

Data encryption

Least privilege

Separation of duties

Need to know

Auditing user access rights

Comparing organizational performance against standards

Creating new security policies

Implementing security technologies

They are outdated and not widely used

They are free and widely reviewed

They are only available to government agencies

They focus solely on technical controls

Deterrent

Compensating

Descriptive

Directive

The classification of data

The enforcement of security policies

The documentation of user activities

The process of identifying users

Data masking

Hashing

Encryption

Access control