In this chapter, you will:
• Learn the basic concepts of controls
• Examine different control frameworks
We’ve discussed controls throughout this book so far, but always from a risk identification, assessment, analysis, and response perspective. There’s a lot more to be learned about security controls and how they are designed and implemented. In this chapter, we will begin to change direction a bit and focus on controls from those perspectives. We will review some basics regarding controls, and you will learn about how you select them to perform specific functions in protecting systems and data. We’ll also review a few key control frameworks in detail, including the National Institute of Standards ...