Information Risk Management: A practitioner’s guide by Sutton, David

APPENDIX D INFORMATION RISK CONTROLS

It is often wrongly assumed that a single control of any kind is sufficient to resolve a risk. In fact, it is frequently the case that more than one control is required, and that these controls are of different types. It is conceivable, therefore, that a risk could be reduced by some means, leaving some level of risk that is shared with a third party before the residual risk is accepted. There are three levels of control – strategic, tactical and operational. Figure D.1 illustrates the overall structure of controls.

STRATEGIC CONTROLS

Strategic controls come in four flavours:

  • Avoid or terminate. Avoiding or terminating the risk can mean either stopping doing the activity, in which case there may well be some residual risk; ...
