[{"ID": "ITS.110.010","Activity": "Identity & Access Management","Description": "Identity and access management (IAM) services set policy, business processes, establishes controls and provide technologies to facilitate the management of digital identities by ensuring individuals have the appropriate access to necessary systems at the right times. Specific areas include authentication, identity management and identity governance & administration. Specific areas included: Authentication/Authorization, Identity Management, Identity Governance & Administration, Privileged Access Management, and Certificate Management."},{"ID": "ITS.110.020","Activity": "Security Awareness","Description": "Security awareness sets policy, procedures and provides enterprise knowledge training to members of an organization to promote an understanding for all individuals regarding the protection of an organization's physical and digital assets. Specific areas included: Security Training, Security Advisory, and Security Policies and procedures."},{"ID": "ITS.110.030","Activity": "Cyber Security & Incident Response","Description": "Cybersecurity services provide policies, procedures and technologies to recognize existing and emerging threats as well as determine associated risk to ensure the organization has the appropriate defense and responses to each incident. Specific areas included: Cyber Security Monitoring and Security Incident Response."},{"ID": "ITS.110.040","Activity": "Threat & Vulnerability Management","Description": "Threat and vulnerability management services ensures an organizations applications and infrastructure vulnerabilities are proactively identified, classified and corrected to ensure they are not exploited by unauthorized individuals or parties. Specific areas included: Application Vulnerability Management, Infrastructure Vulnerability Management, and Network / Endpoint Security."},{"ID": "ITS.110.050","Activity": "Data Privacy & Security","Description": "Data privacy and security ensures enterprise and user data is not used or accessed by unauthorized individuals or entities by ensuring data and identities are classified appropriately, the correct controls are in place to prevent data loss and data is appropriately secured. Specific areas included: Data Classification & Identification, Data Loss Prevention, Data Encryption, Data Access, and Database Security."},{"ID": "ITS.110.060","Activity": "Governance, Risk & Compliance","Description": "IT Compliance services set policy, establish controls and measuring compliance to relevant legal and compliance requirements. Ensure risks are met, alignment with regulatory needs (SSAE16, HIPAA, PCI DSS, SOX, TRICARE etc.), Documented and communicated to business owners. Ensure third parties meet risk and security requirements."},{"ID": "ITS.110.070","Activity": "Business Continuity & Disaster Recovery","Description": "Business Continuity ensures the continuous operation of the enterprise. Services include business impact assessments, business resiliency plans, disaster recovery capabilities and the associated exercise, testing, training and awareness to support people, process and technology recoveries in case of an incident."}]