the activity) • Access Control (restrictions of access rights) • Information systems acquisition, development and maintenance (result of the activity) • Information security incident management (CERT) • Compliance (ensuring conformance with security policies, standards, laws and regulations)