Abstract:

In Chapter 4 the security controls are classified according to NIST’s classification – management, technical, and operational. Chapter 7 gives an alternative classification, which shows the relationships between threats and security controls. This classification might be preferable to some readers. The following classification starts by specifying each threat. Under each threat, once again the controls are categorized according to whether they are management, technical, or operational. The list of security controls under each of these categories is then listed. The chapter as a whole does not give a comprehensive breakdown of the threats and applicable security controls but indicates ...