This chapter discusses implementing controls to protect organizational assets. It covers implementing defense in depth with layered security and control diversity. Physical security controls for perimeter protection, access control, and environmental controls are compared. The chapter also discusses adding redundancy and fault tolerance for disks, servers, and power. Methods for protecting data with backups like full, differential and incremental backups are also summarized. Finally, elements of business continuity planning like business impact analysis, recovery time objectives, and types of alternate sites are briefly outlined.