(3) restricting physical access to systems that contain sensitive or critical applications. (4) implementing technical safeguards, such as firewalls, encryption, antivirus software, file permissions, intrusion prevention systems and intrusion detection systems.