Quiz Entry - updated: 2026.07.14
In the Gartner "security capabilities" best-practice model, what are the five capability areas a security organization needs to cover?
Gartner groups security work into five capability domains: Governance/Risk/Program Management, Infrastructure & Data Protection, Identity & Access Management, a Security Operations Center, and Administration.
Using Gartner's best-practice approach to map "what do we do," the five areas are:
| Capability area | Example activities |
|---|---|
| Governance, Risk & Program Mgmt | Policy, assurance, compliance, strategy, awareness, business continuity |
| Infrastructure & Data Protection | Platform, application, data and vulnerability security |
| Identity & Access Management (IAM) | Governance/administration, access management, privileged access, ID analytics |
| Security Operations Center (SOC) | Monitoring/detection, incident response, threat hunting, penetration testing, red/blue teaming |
| Administration | Project/system admin, change management, user provisioning |
These rest on shared layers like architecture, systems integration, consulting and vendor management, and are steered by an Information Security Steering Committee with BISO/LISO (Business/Local ISO) "security champions."