Identification should include examining the importance of
- personnel
- AUP
- job rotation
- mandatory vacations
- non-disclosure agreement
- onboarding and offboarding
- user training
- principle of least privilege
- background checks
- separation of duties
- diversity of training techniques
- third party risk management
- vendors
- supply chain
- business partners
- service level agreements (SLA)
- memorandum of understanding (MOU)
- business partnership agreement (BPA)
- end of life or service
- data
- credential policies
- organizational policies
- change management
- change control
- asset management.