• protect an organization’s assets from unauthorized access, use, disclosure, disruption, modification, or destruction. Common security controls include firewalls, intrusion detection systems, access control lists, and encryption.
• Educating employees about security. Employees are often the weakest link in an organization’s security posture. By educating employees about security risks and how to protect themselves, organizations can reduce the likelihood of a security breach.
• Monitoring for threats. Organizations need to constantly monitor their systems and networks for signs of threats. This can be done through a variety of means, such as intrusion detection systems, vulnerability scanning, and threat intelligence.
• Responding to incidents. When a security incident does occur, organizations need to have a plan in place to respond quickly and effectively. This plan should include steps to contain the incident, investigate the cause, and recover from the damage.

Security objectives originate from a variety of sources, including:

• The organization’s mission, vision, and values. An organization’s security objectives should be aligned with its overall mission, vision, and values. This ensures that security is considered in all aspects of the organization’s operations.
• The organization’s risk assessment. A risk assessment is a process of identifying, assessing, and mitigating risks to an organization’s assets. The results of the risk assessment should be used to develop security objectives that are tailored to the organization’s specific risks.
• Regulations and standards. Many organizations are subject to regulations and standards that require them to implement certain security controls. These regulations and standards can be a source of security objectives for organizations.

The people who are engaged in security come from a variety of backgrounds and disciplines. They include:

• Security professionals. Security professionals are responsible for developing and implementing security policies, procedures, and controls. They also investigate security incidents and respond to threats.
• IT professionals. IT professionals play a key role in security by designing, implementing, and maintaining the organization’s IT infrastructure. They also help to educate employees about security and respond to security incidents.
• Business leaders. Business leaders need to be aware of the importance of security and ensure that it is a priority for the organization. They also need to provide the resources necessary to implement and maintain a strong security program.

People are engaged in security for a variety of reasons. Some people are motivated by a desire to protect their organization’s assets and prevent fraud and theft. Others are motivated by a desire to protect the privacy of individuals and prevent identity theft. Still others are motivated by a sense of duty and a desire to make the world a safer place.

No matter their motivation, people who are engaged in security play a vital role in protecting our organizations, our communities, and our way of life.