These focus on controls needed to review, analyze, and appropriately prioritize the organization’s activities against ongoing security risks

is to present a higher-level view of the organization’s security efforts.

The foundation of all security programs – the specific controls and processes that help protect against threats.

Is a set of policies, guidelines, and best practices designed to manage an organization’s information security risks

Verifying the identity of users, devices, or applications trying to access resources.

Determining what authenticated users are allowed to do and access.

Ensuring that systems and data are accessible to authorized users when needed.