- What's at stake
- Define scope
- Adhere to a security standard
- Defining the policies
- Conducting a gap analysis
- Interpreting the analysis results
- Prioritizing remediation
- Getting to a comfortable level
- Conducting a penetration test
- Passive security monitoring
- Active security monitoring
- Threat hunting
- Continuous battle
- Time to reflect