Law #6: The efficacy of a control deteriorates with time. Once put in place, security controls tend to remain static—while the environment in which they operate is dynamic. As a result, a control’s ability to produce the intended effect diminishes over time, and the effectiveness of the controls progressively degrades.
- Chapter 1: Introduction
- from Managing Risk and Information Security: Protect to Enable
- Publisher: Apress
- Released: December 2012
good consideration when "scoring" control effectiveness in risk assessment process for calculating residual risk
Share this highlighthttp://www.safaribooksonline.com/a/managing-risk-and/8722127/