3 — Cyber Security
32 controls in the Cyber Security category
3Cyber Security Outcome
3.0Cyber Security Overview
3.1Cyber Security Identification and Assessment
3.1.1Threat Assessment
3.1.2Intelligence-Led Testing
3.1.3Vulnerability Assessment
3.1.4Data Classification and Protection
3.1.5Threat Intelligence and Information Sharing
3.1.6Threat Modeling and Hunting
3.1.7Security Awareness and Reporting
3.1.8Cyber Security Risk Profile
3.2Preventive Cyber Security Controls
3.2.1Secure-by-Design Practices
3.2.2Cryptographic Controls
3.2.3Critical Asset Protection
3.2.4Multi-Layer Defence Controls
3.2.5Data Protection Controls
3.2.6Vulnerability Remediation
3.2.7Identity and Access Management
3.2.8Security Configuration Baselines
3.2.9Application Security Testing
3.2.10Physical Access Management
3.3Security Detection and Monitoring
3.3.1Security Event Logging
3.3.2Security Information and Event Management
3.3.3Alert Triage and Response
3.4Cyber Incident Response and Recovery
3.4.1Incident Escalation and Coordination
3.4.2Cyber Incident Taxonomy
3.4.3Incident Management Playbooks
3.4.4Cyber Incident Response Team
3.4.5Forensic Investigation and Post-Incident Review