For any organization, there are many security control points that, in this case the Defense Spectrum Organization (DSO), should look at as necessary areas for precaution and care; inventory of authorized and unauthorized devices and software, secure configurations for hardware and software on mobile devices, laptops, workstations and servers, malware defenses, and applications software security. When it comes to inventory of authorized and unauthorized devices and software devise a list of authorized software that is required in the enterprise for each type of system, including servers, workstations, and laptops of various kinds and uses (Valladares, 2013). There is a lot of work that needs to go into this. The DSO will first need to identify the types of assets they have, then they will need to create a list of software for each of those types. The level of granularity will likely be determined by the size of the DSO. Establishing, securing, enforcing and assessing a secure operating system configuration is one of the most important security controls for the DSO to prevent targeted hacking attacks and widespread malware infections (Sidagni, 2013). According to the System Administration, Networking, and Security (SANS) Institute securing configurations is referred to as control 3. Why is this control critical? As delivered by manufacturers and resellers, the default configurations for operating