The IT Law Wiki

Information security controls

Definition

Information security controls include security management, access controls, configuration management, segregation of duties, and contingency planning. These controls are designed to ensure that there is a continuous cycle of activity for assessing risk; logical and physical access to sensitive computing resources and information is appropriately restricted; only authorized changes to computer programs are made; one individual does not control all critical stages of a process; and backup and recovery plans are adequate to ensure the continuity of essential operations.[1]

Overview

"[I]neffective information security controls can result in significant risks, including

References

  1. Information Security: Securities and Exchange Commission Needs to Consistently Implement Effective Controls, at 1 n.1.
  2. Cybersecurity: Actions Needed to Address Challenges Facing Federal Systems, at 2-3.
