Determine the risk level of your systems, people, assets, data, and capabilities.
Create a governance policy to control who has access rights to data applications and services.
Develop and implement appropriate methods to quickly identify the occurrence of a cybersecurity event.
Develop a plan that implements appropriate activities to quickly contain the impact of a detected incident.
Establish strategies to restore any data, capabilities, or services that were impaired due to a cybersecurity incident.