© Raymond Pompon 2016

Raymond Pompon, IT Security Risk Control Management, 10.1007/978-1-4842-2140-2_12

12. Control Design

Raymond Pompon

(1) Seattle, Washington, USA

Security is like dentistry. You go to the dentist twice a year for reviews and advanced questions, but you don’t go to the dentist to brush your teeth. The security team should function like the dentist: regular checkups and expert issues.

—Robert Garigue, IT Security thought leader, former CISO of Bell Canada & Bank of Montreal

Controls are what you use to reduce risk. Controls can reduce likelihood or impact, and if you’re lucky, they can reduce both. The selection and arrangement of controls is an important step in the IT security program. This chapter explains how to design controls. ...
