AFTER COMPLETING THE BASICS of identifying assets, threats, and vulnerabilities, you can begin identifying controls. Controls mitigate risk throughout an organization. One of the ways to evaluate controls is to identify critical business operations and critical business functions. Controls should be in place to protect against risks for these critical areas of your business.

Compliance is an important topic in IT today. If any laws or guidelines govern your organization, you need to ensure you're compliant. Noncompliance can be quite expensive. The first step is identifying the relevant laws and guidelines to see if they apply to your organization. If they do apply, you need to assess ...