The IT Law Wiki

Common controls

32,080pages on
this wiki
Add New Page
Add New Page Talk0

Definition Edit

Common controls are

security controls employed at the organization level that typically serve multiple information systems. By centrally managing and documenting the development, implementation, assessment, authorization, and monitoring of common controls, organizations can amortize security costs across multiple information systems.[1]

Overview Edit

"Examples of business process areas having common controls include contingency planning, incident response, security training and awareness, personnel security, physical and environmental protection, and security program management. These business process areas are generally good candidates for common controls."[2]

References Edit

  1. Electricity Subsector Cybersecurity Risk Management Process, App. H, at 85.
  2. Id.

Also on Fandom

Random Wiki