Chapter 3. Risk Mitigation Strategies and Controls
This chapter covers the following topics:
Categorize Data Types by Impact Levels Based on CIA: This section includes a discussion of CIA and FIPS 199 levels.
Incorporate Stakeholder Input into CIA Impact-Level Decisions: This section covers why stakeholder input should be obtained and factored into the decisions made.
Determine the Aggregate CIA Score: This section discusses using the FIPS 199 nomenclature to calculate the aggregate score.
Determine Minimum Required Security Controls Based on Aggregate Score: This section discusses using the aggregate score to help select security controls.
Select and Implement Controls Based on CIA Requirements and Organizational Policies: This section discusses ...
Get CompTIA Advanced Security Practitioner (CASP) CAS-003 Cert Guide, Second Edition now with O’Reilly online learning.
O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.