There is no such thing as a free lunch.
Attributed to Milton Friedman, 1912–2006
The controls specified in this chapter are the operational controls or those controls that govern the ongoing operational processes impacting security spanning multiple departments. This chapter, along with the preceding security control chapters (Chapter 8 on managerial controls and Chapter 9 on technical controls) complete the controls necessary for building the foundation for an information security program. Each listing of the operational control family is preceded with some practical security considerations for reviewing the family of controls. These controls are also mapped to COBIT 4.1, ISO ...