The IT Law Wiki



Definitions

Business

Control is

[a]ny action which reduces the probability of a risk occurring or reduces its impact if it does occur.[1]

Computer security

A control is a management, operational, or technical safeguard prescribed for an information system and the security controls in place or planned to implement that safeguard.

A control is a "measure that is modifying risk. Note: controls include any process, policy, device, practice, or other actions which modify risk."[2]

Data security

Control is the authority of an organization that maintains information to regulate access to the information. Having control is a condition or state and not an event. Loss of control is also a condition or state which may or may not lead to an event (e.g., a Privacy Incident).

General

Control is

[t]he means of managing risk, including policies, procedures, guidelines, practices, or organizational structures, which can be of an administrative, technical, management, or legal nature.[3]

References

  1. ENISA, Glossary (full-text).
  2. ISO/IEC 27000:2014.
  3. FFIEC Information Technology Examination Handbook-Information Security, at 76.
