Chapter 9. Identifying and Analyzing Risk Mitigation Security Controls
CONTROLS MITIGATE RISK. In other words, they reduce or neutralize threats or vulnerabilities to an acceptable level. At any point in time, you will likely have controls that are in place, controls that are planned, and controls that are needed or being considered.
There are hundreds of controls you can implement in any environment. When evaluating controls, it's best to consider controls in different categories. The National Institute of Standards and Technology published Special Publication SP 800-53. This document groups 18 families of controls into three classes: Technical, Operational, and Management. The document also categorizes controls as Administrative, Technical, and ...
Get Managing Risk in Information Systems now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.