Framework Area
Protect
Safeguards to manage the organization’s cybersecurity risks are used.
Once assets and risks are identified and prioritized, PROTECT supports the ability to secure those assets to prevent or lower the likelihood and impact of adverse cybersecurity events, as well as to increase the likelihood and impact of taking advantage of opportunities.
Outcomes covered by this Function include identity management, authentication, and access control; awareness and training; data security; platform security (i.e., securing the hardware, software, and services of physical and virtual platforms); and the resilience of technology infrastructure.
Categories
Explore the categories within the Protect function
Identity Management, Authentication, and Access Control ensures that only verified and authorized users, services, and devices can access systems and data.
It includes identity proofing, credential management, authentication, and strict enforcement of access policies based on least privilege and separation of duties—covering both digital and physical access.
Awareness and Training equips all personnel—including specialized roles, executives, and third-party stakeholders—with the knowledge and skills needed to recognize and manage cybersecurity risks relevant to their responsibilities.
It promotes a shared understanding of security roles across the organization.
Data Security ensures the protection of data across its lifecycle—at rest, in transit, and in use—by enforcing confidentiality, integrity, and availability.
It includes secure handling, backup, and disposal of assets, integrity verification of hardware and software, and separation of development and production environments to reduce risk.
Platform Security focuses on securing hardware and software platforms through configuration management, lifecycle maintenance, and control of unauthorized changes.
It includes generating logs for monitoring, preventing unauthorized software execution, and embedding secure development practices throughout the software lifecycle.
Technology Infrastructure Resilience ensures that networks, systems, and environments remain secure and operational under both normal and adverse conditions.
It includes protection against unauthorized access and environmental threats, as well as maintaining sufficient capacity and resilience mechanisms to ensure continuous availability.
ResponseHub is the product I wish I had when I was a CTO
Previously I was co-founder and CTO of Progression, a VC-backed HR-tech startup used by some of the biggest names in tech.
As our sales grew, security questionnaires quickly became one of my biggest pain points. They were confusing, hard to delegate and arrived like London buses - 3 at a time!
I'm building ResponseHub so that other teams don't have to go through this. Leave the security questionnaires to us so you can get back to closing deals, shipping product and building your team.

