Costas Nicou Back Office

Play it Safe – Manage Security Risks – Week 2 – Part 3

OWASP – Open Web Application Security Project

  • Minimize attack surface area. The attack surface refers to all the potential vulnerabilities that a threat actor could exploit, such as attack vectors like phishing emails or weak passwords
  • Principle of least privilege
  • Defense in depth
  • Separation of duties
  • Keep security simple
  • Fix security issues correctly

Scope refers to the specific criteria of an internal security audit.

A security audit is a review of an organization’s security controls, policies, and procedures against a set of expectations.