200 ◾ The Security Risk Assessment Handbook
© 2011 by Taylor & Francis Group, LLC
The security risk assessment team is encouraged to review Table 6.21 and add or
modify table elements to suit its own needs and experiences.
6.2.5 Test Administrative Security Controls
The last phase of data gathering for administrative security controls in the RIIOT
method is testing. Testing of administrative controls is the process of invoking
conditions that should trigger the administrative controls and reviewing the response
against the policies, procedures, and good practice. This type of data gathering
provides excellent insight into the actual effectiveness of the controls, but it can
only be applied in a limited fashion.
The administrative controls that lend ...