eGRACS Security Controls Triangle
This Tactical Tier control triangle protects the organisation's information systems from unauthorised access, data breaches and cyber threats through the implementation and management of robust security measures. Its three security process domains, physical security, personnel security and information security, together provide a comprehensive framework for managing security across the organisation; addressing all three gives the organisation a holistic approach to safeguarding its assets, operations and reputation.
This control rolls down from the Manage Demand Domain and cascades into: 1.3.2.1-Physical Security, 1.3.2.2-Personnel Security, and 1.3.2.3-Information Security controls.
Control Mappings:
Cobit:2019 ➡️ APO13; APO13.01; APO13.03; BAI11; BAI11.03; DSS04; DSS04.01; DSS05; DSS05.01; DSS05.02; DSS05.03; DSS05.06; DSS05.07; MEA03; MEA03.01
PCI:DSSv4.01 ➡️ 12.3.3
GDPR:2024 ➡️ Art.35
HIPAA:2005:Rev2007 ➡️ 164.308(a)(1); 164.308(a)(1)(ii)(A); 164.308(a)(1)(ii)(B); 164.308(a)(5)(ii)(C); 164.308(a)(6)(ii); 164.314(b)(2)
ISO27001:2022 ➡️ 4; 4.4; 6; 6.1.3; 8; 8.3; 9.2
ISO31000:2018 ➡️ 5; 5.2; 6.4
ISO38500:2024 ➡️ 5.8.3
ITIL:v4 ➡️ GM2; GM3; GM10; SM15; SM19