Develop a culture of security.
Implement a risk management program.
Manage relationships with vendors and business associates.
Create an incident response process.
Audit and monitor the environment.
Manage the enterprise.
Encrypt data.
Monitor the database.
