The IT Law Wiki
Don't have an account?
Register
Advertisement
Register
in: Security, Technology, Privacy, Definition

Control

Revision as of 01:55, 18 September 2016 by Mdscott (talk | contribs) (→‎Data security)
Edit

Definitions

Business

Control is

[a]ny action which reduces the probability of a risk occurring or reduces its impact if it does occur.[1]

Computer security

A control is a management, operational, or technical safeguard prescribed for an information system and the security controls in place or planned to implement that safeguard.

A control is a "measure that is modifying risk. Note: controls include any process, policy, device, practice, or other actions which modify risk."[2]

Data security

Control is the authority of an organization that maintains information to regulate access to the information. Having control is a condition or state and not an event. Loss of control is also a condition or state which may or may not lead to an event (e.g., a Privacy Incident).

References

  1. ENISA, Glossary (full-text).
  2. ISO/IEC 27000:2014.
Community content is available under CC-BY-SA unless otherwise noted.
Advertisement