1) Access control: In modern IT environments, risk mainly takes the form of access. An organization may have many resources, but those resources are not available to every user, customer or partner. Businesses implement access control to ensure that each person (inside or outside of the organization) only has access to the resources necessary to perform their respective tasks, while preventing access to resources that are not relevant to the user. There are different types of access control: network access control, identity management. Access control has three processes: authentication, authorization and audit. The most common and familiar access control technique is role-based access control (RBAC), where privileges are assigned to organized groups of users.

2) Disaster Recovery Plan: Backup and disaster recovery has become an important part of every business and organization, to avoid data loss and critical situations. One of the primary and most popular backup and disaster recovery solutions is making data backups. With data backups, the computer's information is copied, and these copies can be restored through the data recovery process when a fatal error has occurred. Hardware failure, accidental deletion, and malware are things that happen to businesses every day. The benefits and importance of a disaster recovery plan are clear. Once a thorough plan is implemented, if an unforeseen and damaging event were to occur, an organization could mitigate risk, minimize downtime, remain compliant and ensure client records are safe and protected through proper records storage.

3) Security Awareness Training: Security awareness training is a formal process for educating employees about computer security. A good security awareness program should educate employees about corporate policies and procedures for working with information technology.
Employees should receive information about whom to contact if they discover a security threat and be taught that data is a valuable corporate asset. Regular training is particularly necessary for organizations with high turnover rates and those that rely heavily on contract or temporary staff. Confirming how well the awareness program is working can be difficult. The most common metric looks for a downward trend in the number of incidents over time.

4) Encrypt Data: Hackers are on the prowl for any type of company-held data that is lying around, from bank routing digits to employee Social Security numbers. If your company is holding onto this kind of important data, then you need to ensure it's encrypted. Make certain that your information is kept safe by using full-disk encryption tools. Because these come standard with most operating systems, and it only takes a minute to switch on, there's no excuse here. Keep in mind that using this feature will require some added attention. That's because the encryption only protects the data when no login is in use. This means that hackers just need employees to step away from their computers, like during a lunch break, to attack a system with a virus or malware. To strengthen your measures, set all your computers to automatically log out after five to 10 minutes without use.

5) Intrusion Detection Systems (IDS): Intrusion detection systems (IDS) monitor networks and raise an alarm when there is an attempt at an unauthorized entry into the network. These systems are key to detecting unauthorized internal activities, such as internal users accessing systems, data or resources to which they have no right of access. When a Trojan program or virus has penetrated a perimeter defence, the IDS spots suspicious activities and provides alerts so that measures can be deployed to stop the threat.
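
The three access control processes from item 1 (authentication, authorization, audit) and the internal-misuse detection from item 5 can be shown together in a small RBAC sketch. This is an added example, not part of the original text; the role names, users, resources and the denial threshold are constructed assumptions, and the threshold check is a simplification of what an IDS does.

```python
import hashlib
import hmac
import os
from collections import Counter

# Constructed sample policy: privileges belong to roles, never to individual users.
ROLE_PERMS = {
    "hr": {("payroll", "read"), ("payroll", "write")},
    "engineer": {("source_code", "read"), ("source_code", "write")},
    "partner": {("price_list", "read")},
}

def _hash(password, salt):
    # Salted, slow hash so stored credentials are not reusable if leaked.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_user(password, roles):
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash(password, salt), "roles": set(roles)}

# Constructed sample users (hypothetical names and passwords).
USERS = {
    "alice": make_user("constructed-pw-1", ["hr"]),
    "bob": make_user("constructed-pw-2", ["engineer"]),
}
AUDIT = []  # audit trail: (user, action, resource, decision)

def authenticate(user, password):
    """Authentication: prove identity; constant-time hash comparison."""
    rec = USERS.get(user)
    ok = rec is not None and hmac.compare_digest(rec["hash"], _hash(password, rec["salt"]))
    AUDIT.append((user, "login", "-", "allow" if ok else "deny"))
    return ok

def authorize(user, resource, action):
    """Authorization: deny by default, allow only what a role grants."""
    roles = USERS.get(user, {"roles": set()})["roles"]
    ok = any((resource, action) in ROLE_PERMS.get(r, set()) for r in roles)
    AUDIT.append((user, action, resource, "allow" if ok else "deny"))
    return ok

def flag_internal_misuse(audit, threshold=2):
    """Audit review: users with repeated denied resource accesses."""
    denied = Counter(u for u, act, _res, d in audit if d == "deny" and act != "login")
    return sorted(u for u, n in denied.items() if n >= threshold)
```

Every decision, allowed or denied, lands in the audit trail, which is what makes the later review of denied accesses possible.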