Identifying and Evaluating Controls

A control, also called a countermeasure, security control, or safeguard, is implemented to reduce a risk. A risk can be reduced by reducing vulnerabilities or by reducing the impact of the threat.

When identifying and evaluating controls, the following should be considered:

  • In-place controls—In-place controls are those that are currently installed in the operational system.
  • Planned controls—Planned controls are those that have a specified implementation date.

In-Place and Planned Controls

Controls cost money. Before purchasing a control, an organization will evaluate its options. During its evaluation of alternative controls, the organization will gather relevant documentation. The documentation ...

Get Managing Risk in Information Systems, 3rd Edition now with the O’Reilly learning platform.
