- Managing assets and appropriate asset retention
- Providing secure resources/components and associated service levels
- Manage data lifecycle and appropriate retention
- Control physical and logical access
- Manage identification and authentication of people, devices and services
- Manage the identity and access provisioning lifecycle
- Perform configuration management
- Apply the fundamental concepts of security operations
- Managing incidents
- Apply and maintain detection and prevention measures
- Implement and manage patches and vulnerabilities
- Participate in business continuity planning and exercises
- Identify the most sensitive information and servers and maintain a network diagram
- Keep an exhaustive inventory of privileged accounts and keep it up to date
- Identify by name each person accessing the system and distinguish between user/administrator roles
- Compliance and other requirements and KPIs/KRIs
- Physical security
- Development methodologies
