Facilities that house systems that process sensitive information should have physical access controls to limit access to authorized personnel only.
Data should be classified, and the necessary technical controls should be put into place to protect its integrity, confidentiality, and availability.
Hacker tools are becoming increasingly more sophisticated while requiring increasingly less knowledge by the attacker about how they work.
Quality assurance involves the verification that supporting documentation requirements are met.
Quality control ensures that an asset is operating within accepted standards.
System and audit logs should be monitored and protected from unauthorized modification.
Repetitive errors can indicate lack of training ...