Least Privilege

Layered Defenses and Mitigations

Change Control

Visibility: Monitoring, Assessment, Education, Awareness, Verification and Audits

Response: Resilience, Recovery, Prosecution/Legal

Logging

Trusted Transactions

Policy and Procedure

Separation of Duties

Rotation of Duties

Dual Control

Ownership