Defining the Scope, Objectives, Goals, and Frequency of an AuditIdentifying Critical Requirements for the AuditImplementing Security ControlsProtecting Privacy DataAssessing IT SecurityRisk ManagementThreat AnalysisVulnerability AnalysisRisk Assessment Analysis: Defining an Acceptable Security Baseline DefinitionObtaining Information, Documentation, and ResourcesExisting IT Security Policy Framework DefinitionConfiguration Documentation for IT InfrastructureInterviews with Key IT Support and Management Personnel: Identifying and PlanningNIST Standards and MethodologiesMapping the IT Security Policy Framework Definitions to the Seven Domains of a Typical IT InfrastructureIdentifying and Testing Monitoring RequirementsIdentifying Critical Security Control Points That Must Be Verified Throughout the IT InfrastructureBuilding a Project PlanChapter SummaryKey Concepts and TermsChapter 5 Assessment