O'Reilly logo

Managing Risk in Information Systems by Darril Gibson

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Chapter 9. Identifying and Analyzing Risk Mitigation Security Controls

CONTROLS MITIGATE RISK. In other words, they reduce or neutralize threats or vulnerabilities to an acceptable level. At any point in time, you will likely have controls that are in place, controls that are planned, and controls that are needed or being considered.

There are hundreds of controls you can implement in any environment. When evaluating controls, it's best to consider controls in different categories. The National Institute of Standards and Technology published Special Publication SP 800-53. This document groups 18 families of controls into three classes: Technical, Operational, and Management. The document also categorizes controls as Administrative, Technical, and ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required