- Security of applications and data: Regular patching, encryption of private information, etc.
- Host security: Dynamic whitelisting, write and read protection, limiting unauthorised services, and timely antivirus updating.
- Network: Firewall, sandboxing, IDS/IPS, VPNs, monitoring, and alerting are all components of network security (corporate plus ICS).
- Physical security: Fences, CCTV, ID cards, etc.
- Policy and Procedures: Risk management, incident response management, supply chain management, audit and assessment training, and awareness.

The three lines of defence, covering the assurance, governance, risk, compliance, information security and cybersecurity functions, may all be working in one way or another on information security and governance. Examining the objectives, roles and activities of these functions is a way to explore how their outputs can be optimized. Optimized outputs mean that the combined outputs of the various parties working on information security are maximized, which allows resources to be better deployed, with increased productivity, by reducing duplication.