Our action plan aims to ensure access to accounts privileged more difficult for fraudsters and should allow the teams responsible for security to identify suspicious accesses. * Proceed in stages, starting with a system using an evidence-based approach risks (𝗵𝗶𝗴𝗵 𝘃𝗮𝗹𝘂𝗲, 𝗵𝗶𝗴𝗵 𝗿𝗶𝘀𝗸). Watch for behaviors. * Set up an authentication mechanism for multiple factors and mandatory for all administrators, which they are also recommended to do with regard to third party access, for example for subcontractors. * Management of vulnerabilities attacking the management of vulnerabilities and offer significant potential for reducing risks. Consider exploring this method when the correction process is interrupted and the information technology (IT) operations have had to struggle to support the number of vulnerabilities. It is impossible to correct everything, but it is possible to reduce the risks in a substantial way by establishing an order priority in risk management procedures. * Application control on the workloads of servers, This option is well suited for organizations looking for a 'deadlock' situation default "or" zero confidence "with respect to server workloads. Control apps to block most malware since there is no whitelist for most of these. It's about a very powerful security posture. His effectiveness against attacks has been proven. * Security management and analysis for organizations that wish to integrate security controls into the flow of DevOps type work. Start by making a composition analysis using open software, Then integrate testing into DevSecOps workflows.