4 PROCEDURAL AND PEOPLE SECURITY CONTROLS

In this chapter we discuss the risks to information security that involve people, and how to manage those risks with appropriate controls.

There are three main types of control:

  • physical – for example locks on doors and secure cabinets;
  • procedural – for example checking references for job applicants;
  • product/technical controls – for example passwords or encryption.

The 2005 edition of the ISO/IEC 27001 standard (Annex A) lists 133 controls grouped under 39 control objectives, and even that does not cover everything. This should give you the idea that the subject of controls is an almost bottomless pit. All we can do here is to explain the principles behind the generic use of the major controls within information security ...
