Confidentiality (only authorized access)

Integrity (data is accurate and unaltered)

Availability (systems are accessible when needed)

Operational continuity

Regulatory compliance

Risk reduction and resilience

Endpoints (laptops, phones, servers, IoT)

Networks (LAN/WAN, Wi-Fi, VPN)

Applications (web, mobile, APIs)

Data (personal, financial, intellectual property)

Identities (users, services, machine identities)

Cloud resources (containers, VMs, storage, SaaS)

Operational technology (ICS/SCADA, medical devices)

Privacy and data protection

Safety (especially in OT/critical infrastructure)

Trust and reputation

Malware (viruses, worms, trojans)

Ransomware (data encryption + extortion)

Phishing & social engineering (credential theft, fraud)

Credential attacks (brute force, password spraying, credential stuffing)

Exploits (vulnerability exploitation, zero-days)

Web attacks (SQL injection, XSS, CSRF)

DDoS (availability disruption)

Man-in-the-middle & eavesdropping (network interception)

Supply-chain attacks (compromised vendors/dependencies)

Insider threats (malicious or negligent)

Data breaches (exfiltration of sensitive data)

Cybercriminals (financial motivation)

Nation-states (espionage, disruption)

Hacktivists (ideological goals)

Competitors/industrial espionage

Script kiddies/opportunistic attackers

Segmentation and isolation (VLANs, microsegmentation)

Perimeter and internal controls

Secure remote access (VPN, ZTNA)

Secure SDLC (design, code, test, deploy)

API security (authentication, rate limiting, schema validation)

Dependency and supply-chain security (SBOM, signed artifacts)

Anti-malware/EDR

Hardening (patching, configuration baselines)

Device control (USB, app allowlisting)

Shared responsibility model

IAM, posture management, and workload protection

Container/Kubernetes security

Classification, access controls, encryption

DLP and key management

Backup and recovery

Authentication (MFA, SSO)

Authorization (least privilege, RBAC/ABAC)

Privileged access management (PAM)

Monitoring, detection, incident response

Vulnerability management and patching

Security tooling operations and tuning

Policies, standards, audits

Risk assessments and control mapping

Regulatory requirements (sector/region-specific)

Firewalls (NGFW) and WAFs

Secure gateways (email/web filtering)

Network access control (NAC)

Endpoint protection platforms (EPP)

Encryption (at rest/in transit)

MFA and passwordless authentication

Secure configuration management (CIS benchmarks)

Logging and telemetry (system, app, cloud)

SIEM (centralized log analytics and correlation)

EDR/XDR (endpoint and cross-domain detection)

IDS/IPS (intrusion detection/prevention)

UEBA (behavior analytics)

File integrity monitoring (FIM)

SOAR (automated response workflows)

Incident response platforms and case management

Backup systems (immutable backups, versioning)

Disaster recovery (DR) tooling and orchestration

Vulnerability scanners

SAST/DAST/IAST (application testing)

Penetration testing toolkits

Configuration posture tools (CSPM, KSPM)

Secrets scanning and key rotation tooling

Multiple layers across network, endpoint, app, identity, and data

Reduces single points of failure

Verify explicitly (strong identity, device posture)

Use least privilege (minimal access by default)

Assume breach (continuous monitoring and segmentation)

Prioritize highest-impact assets and threats

Balance security, usability, and cost

Threat modeling and secure architecture

Secure defaults and safe configuration

Metrics, audits, lessons learned, control refinement

Inventory of hardware, software, and cloud resources

Ownership, criticality, and lifecycle tracking

Discovery (scanning, advisories)

Prioritization (CVSS + exploitability + business impact)

Remediation (patching, mitigations, compensating controls)

Verification (re-scans, monitoring)

Log collection and normalization

Alert triage and investigation

Threat intelligence enrichment

Preparation (playbooks, training, tools)

Identification (detection and confirmation)

Containment (isolate affected systems)

Eradication (remove root cause)

Recovery (restore services, validate)

Post-incident review (lessons learned, improvements)

RTO/RPO definitions

DR testing and tabletop exercises

Security analysts (SOC)

Incident responders / DFIR

Security engineers (network, endpoint, cloud)

Application security engineers

Security architects

GRC and compliance specialists

CISO and security leadership

Phishing training and reporting culture

Secure handling of data and devices

Clear policies and easy-to-follow guidance

DevSecOps (security integrated into development)

Coordination with IT, legal, HR, and business units

NIST Cybersecurity Framework (Identify, Protect, Detect, Respond, Recover)

ISO/IEC 27001 (ISMS)

CIS Controls

MITRE ATT&CK (adversary tactics and techniques)

Privacy and data protection (e.g., GDPR-like requirements)

Industry standards (e.g., payment, healthcare, critical infrastructure)

Acceptable use, access control, encryption, logging, incident response

Social engineering and user error

Insider risk and privilege misuse

Tool sprawl and alert fatigue

Legacy systems and patch constraints

Cloud misconfigurations

Skills shortage and budget limits

Prioritization and ROI justification

Rapid exploit development

Supply-chain dependency risks

MFA + anomaly detection + rate limiting + password hygiene

EDR + least privilege + segmentation + immutable backups + incident playbooks

Secure SDLC + WAF + SAST/DAST + secrets management + API protections

IAM least privilege + CSPM + workload scanning + logging/monitoring

MFA, patching, backups, least privilege, logging

Vulnerability scans, pen tests, tabletop exercises