Identification should include best practices such as the following:

Identification may also include

Process/Skill Questions:

Teacher Resource: Center for Internet Security (CIS) (https://www.cisecurity.org/controls)