Cybersecurity is built on security controls. These controls can be organizational, procedural and regulatory (compliance), as well as technical. Faced with a new service, be it a website or an essential service that supports a critical infrastructure, the technological risk must be evaluated and managed, selecting which controls should be applied.
An essential point in risk assessment is compliance: the identification of laws, regulations and standards that must be respected and complied with throughout all phases of the service life cycle, which includes design, construction, deployment, maintenance, operation and withdrawal.