CHAPTER 8

Designing and Implementing Controls

In this chapter, you will:

•  Learn business perspectives of information controls

•  Examine the information system security engineering process and its relationship to control design and implementation

•  Review effective control design principles

•  Learn about information categorization and how it affects control selection

•  Learn about implementing information controls

In Chapter 7 we covered the basics of controls, and in previous chapters we’ve discussed how to assess controls as part of the overall risk assessment process, but we haven’t yet covered the finer points of how controls are designed and implemented. In this chapter, we’ll discuss controls from the design and implementation perspectives. ...

Get CRISC Certified in Risk and Information Systems Control All-in-One Exam Guide now with O’Reilly online learning.