Describe categories of controls that are available to implement as layered security to mitigate risks to information assets due to operating system vulnerabilities.

One of the foundational tenets of information security is the concept of layering security controls with the idea that there is an incremental gain with each layer providing heightened security not present with the implementation of each of the individual controls. For example, implementing user accounts and passwords is a mitigation to the risk to assets caused by operating system vulnerabilities. Implementing user accounts and password and adding group policies that control what those users can do with their accounts further decreases the risk and enhances the mitigation of the vulnerabilities. Use the study materials and engage in any additional research needed to fill in knowledge gaps. Discuss the following topics: Describe categories of controls that are available to implement as layered security to mitigate risks to information assets due to operating system vulnerabilities. Describe controls and resources that are specific to vulnerability patching and version management. Describe how management of ports and services can mitigate the risk to information assets as part of an operating system security plan.