Technology 8. Asset-Centric Security – Security must be as close to the assets as possible (i.e., data-centric and application-centric approaches instead of network-centric strategies) to provide a tailored approach that minimizes productivity disruption. 9. Least Privilege – Access to systems and data must be granted only as required and removed when no longer required.