Five key controls used under the scheme are:
This control requires you to have policies in place, together with well-defined processes to maintain your security.
You must protect your internal network against attacks from the Internet.
It’s important that you prevent accidental and intentional damage caused by current or former employees.
Attackers constantly identify and exploit software vulnerabilities. It’s critical that you apply fixes and patches to address these vulnerabilities.
Most people are familiar with anti-spam and anti-virus protection, but user awareness training for employees will also fall under this control.