The sophistication of attacks on the digital infrastructure of organizations continues to grow. Organizations invest heavily on technology and yet remain vulnerable. To minimize the cyber risk, an organization must balance their investment across people, process and technology. The process-based controls take input from the industry’s best practices and standards.