Information Risk Management, 2nd Edition

APPENDIX D – INFORMATION RISK CONTROLS

It is often wrongly assumed that a single control of any kind is sufficient to resolve a risk. In fact, it is frequently the case that more than one control is required, and these may often be controls of different types. It is common that a risk may have been reduced by some means, but leaving some level of risk that is shared with a third party before the residual risk is accepted.

There are three levels of control: strategic, tactical and operational. Figure D.1 illustrates the overall structure of controls.

Figure D.1 Information risk controls

images

STRATEGIC CONTROLS

Strategic controls come in four flavours: ...

Get Information Risk Management, 2nd Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Information Risk Management, 2nd Edition by David Sutton

APPENDIX D – INFORMATION RISK CONTROLS

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly