Stepping Through Cybersecurity Risk Management (book)

by Jennifer L. Bayuk
March 2024
Content level: Beginner
336 pages
10h 10m
English
Wiley
Content preview from Stepping Through Cybersecurity Risk Management

4 Controls

Controls are risk reduction measures. They may be manual, automated, or both. Controls may be directly enumerated, but are often documented as an interrelated set of risk management instructions that include strategic assertions, delegation of security roles and responsibilities, workflow, automation configurations, step‐by‐step procedures, and general advice. These documents are classified into risk appetite, policies, processes, standards, procedures, or guidelines, respectively.

Controls are not effective in isolation. Figure 4.1 depicts controls as a hierarchy composed of multiple control methods that comprise enterprise cybersecurity risk reduction measures. Specifically for cybersecurity, management controls are established with cybersecurity risk appetite, and extend into cybersecurity policy, cybersecurity processes, internally developed cybersecurity standards, cybersecurity procedures, and cybersecurity guidelines. For the remainder of this chapter, we will forgo the adjective cybersecurity from these control methods on the assumption that all the controls to which they refer are directed at minimizing cybersecurity risk.

Controls are interactive by design. They are composed at different levels of enterprise organizational structure and addressed to different organizational constituents whose interactions render the controls effective. The risk appetite comes from the top and is colloquially referred to as “tone at the top.” It is the executive management ...

ISBN: 9781394213955