# Defensive Security Controls

1. Technical controls
   1. System hardening
   2. Sanitize user input/parameterize
   3. Administrative controls
   4. Multifactor authentication
   5. Encryption
   6. Process-level remediation
   7. Patch management
   8. Key rotation
   9. Certificate management
   10. Secrets management solution
   11. Network segmentation
   12. Infrastructure security controls
2. Physical controls
   1. Access control vestibule
   2. Biometric controls
   3. Video surveillance
3. Operational controls
   1. Job rotation
   2. Time-of-day restrictions
   3. Mandatory vacations
   4. User training
4. Administrative controls
   1. Role-based access control
   2. Secure software development life cycle
   3. Minimum password requirements
   4. Policies and procedures
