CHAPTER 9
Identifying and Analyzing Risk Mitigation Security Controls
CONTROLS MITIGATE RISK. In other words, they reduce or neutralize threats or vulnerabilities to an acceptable level. At any point in time, you will likely have controls that are in place, controls that are planned, and controls that are needed or being considered.
There are hundreds of controls you can implement in any environment. When evaluating controls, it’s best to consider them by category. The National Institute of Standards and Technology (NIST) published Special Publication (SP) 800-53, which groups the controls into 18 families. Controls are also categorized as procedural (or administrative), technical, and physical.
Chapter 9 Topics
This ...
Get Managing Risk in Information Systems, 2nd Edition now with the O’Reilly learning platform.