Securing an organization's assets requires work, but there are some basic steps that can simplify the task by taking a one-two-three approach. As an example, in NIST Special Publication 800-53, “Recommended Security Controls for Federal Information Systems,” NIST categorizes security controls into three classes and then into 17 groups. Another method of sorting security controls is to categorize the control by what it does. The common categories for this taxonomy include preventive, corrective, and detective. Security controls can also be grouped as administrative, technical, and physical controls; this is the grouping that I discuss in this white paper. You should find this useful if you want to learn more about how to prevent common security problems or best practices for applying security controls.