The IT Law Wiki

Information system security controls

Definition

Information system security controls are

[s]ecurity controls (i.e., safeguards or countermeasures) prescribed for an information system to protect the confidentiality, integrity, and availability of the system and its information. Three types of security controls:
(1) Management: These controls focus on the management of risk and the management of information system security;
(2) Operational: These controls are primarily implemented and executed by people (as opposed to systems); and
(3) Technical: The controls are primarily implemented and executed by the information system through mechanisms contained in the hardware, software, or firmware components of the system.[1]

References

  1. 12 FAM 090 (full-text).
