O'Reilly logo

CISSP in 21 Days - Second Edition by M. L. Srinivasan

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

A collection of security process data

Security control implementation should be based on the outcome of risk assessment, and it is part of risk mitigation strategy. A strategy is based on the security policies, and the implementation and maintenance of a strategy is based on security procedures. One of the key requirements for security control is to demonstrate that the implemented control satisfies the requirements of the risk mitigation strategy, and in turn demonstrate adherence to established security policies and procedures.

Hence, a security control, whether technical, administrative, or physical, should provide sufficient data to establish that security policies and procedures are continuously and uniformly applied.

The data pertaining to ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required