Please note that index links point to page beginnings from the print edition. Locations are approximate in e-readers, and you may need to page down one or more times after clicking a link to get to the indexed material.


AC-5 control (NIST SP 800-53), 113, 114

AC-6 control (NIST SP 800-53), 190

AC-7 control (NIST SP 800-53), 188–189

access controls

defined, 4

KPI for, 244, 246, 248

supporting security goals, 7


defined, 5

KPI for audit and, 250–251

nonrepudiation and, 6–7

acquisition phase (SDLC), 51, 147

action plans for risk response, 137

administrative controls, 184

Agile program management framework, 150–151

analyzing risk scenarios, 80

ANSI (American National Standards Institute), 199

APO (Align, Plan, and Organize) ...
