Recommended Controls for Risk Control Policies
When auditing an object using the Relational Security Assessment Model, there are many different types of controls that can be checked. Policies should be developed that dictate minimums level of controls for objects of certain risk levels. Table C.1 includes some common controls that should be audited:
| All Objects | |
| Local authentication | To gain direct access to the object, what level of authentication is required? |
| Remote authentication | To gain remote access to the object, what level of authentication is required? |
| Level of logging | To what degree are the subject's actions logged? |
| Level of monitoring | To what degree are such logs monitored? |
| Internal redundancy ... | |
Get Inside the Security Mind: Making the Tough Decisions now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
