Areas such as user management, authentication mechanisms and tracking, privileged or super user access and activities, access to critical files, security logging and monitoring, configuration settings, patch management, and backup and recovery activities are just as important and should be addressed in a similar manner.