Mechanisms exist to identify and assess the security of technology assets that support more than one critical business function.
Does the organization identify and assess the security of technology assets that support more than one critical business function?