In this chapter, you will:
• Learn about business perspectives on information controls
• Examine the information system security engineering process and its relationship to control design and implementation
• Review effective control design principles
• Learn about information categorization and how it affects control selection
• Learn about implementing information controls
In Chapter 7 we covered the basics of controls, and in previous chapters we’ve discussed how to assess controls as part of the overall risk assessment process, but we haven’t yet covered the finer points of how controls are designed and implemented. In this chapter, we’ll discuss controls from the design and implementation perspectives. ...