The daily activities of the members of a company must adhere to the same objectives as DiD. In this context, among the most important elements, we can mention the following:

• The application of security updates and the continuous updating of antivirus solutions
• The maintenance of the Access Control List (ACL), which establishes the rules for accessing the identified critical systems
• The execution of assessment activities, such as periodic scans on system vulnerabilities, monitoring, and the consequent reaction to threats
• The planning of disaster recovery and business continuity

The preceding list of activities is not exhaustive. There are many tools that can be used from reactive to proactive, preventive measures and remediation techniques, forensics, and even intelligence techniques.

Given the breadth of the solutions, following the directions of the DiD in an indiscriminate style could increase the complexity of the whole system, violating the principle of simplicity, which is very often touted as a best practice in security environment. The addition of new security and security features increases complexity, which, paradoxically, entails new risks. What must guide the decision making process in the business environment is, as always, a balance, but how do we go about making the correct choices? The answer lies in risk assessment. The priorities for investments in the security sector must be dictated according to the risks to the company.