IT Security Risk Control Management: An Audit Preparation Plan by Raymond Pompon

© Raymond Pompon 2016

Raymond Pompon, IT Security Risk Control Management, 10.1007/978-1-4842-2140-2_6

6. Scope

Raymond Pompon

(1) Seattle, Washington, USA

Just boil the ocean.

—Will Rogers, American humorist,

A proposed solution to the threat of submarines (1917)

Scope, simply, is what you care about protecting based on what your compliance and risk analysis uncovers. The assets, processes, and personnel in the scope are where you focus your controls to reduce risk. Since it isn’t always feasible to defend all your assets from all the threats, scope answers the question about what must be protected. The following are some examples of scoped assets:

  • Cardholder data, financial transaction data, protected health information

  • IT systems storing, processing, ...
