Raymond Pompon, IT Security Risk Control Management, 10.1007/978-1-4842-2140-2_6

6. Scope

Raymond Pompon¹

(1)Seattle, Washington, USA

Just boil the ocean.
—Will Rogers, American humorist,
A proposed solution to the threat of submarines (1917)

Scope, simply, is what you care about protecting based on what your compliance and risk analysis uncovers. The assets, processes, and personnel in the scope are where you focus your controls to reduce risk. Since it isn’t always feasible to defend all your assets from all the threats, scope answers the question about what must be protected. The following are some examples of scoped assets:

Cardholder data, financial transaction data, protected health information
IT systems storing, processing, ...

Get IT Security Risk Control Management: An Audit Preparation Plan now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

IT Security Risk Control Management: An Audit Preparation Plan by Raymond Pompon

6. Scope

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly