The IT Law Wiki
Don't have an account?
Register
Advertisement
Register
in: Definition, Security

Information system security controls

Edit

Definition[]

Information system security controls are

[s]ecurity controls (i.e., safeguards or countermeasures) prescribed for an information system to protect the confidentiality, integrity, and availability of the system and its information. Three types of security controls:
(1) Management: These controls focus on the management of risk and the management of information system security;
(2) Operational: These controls are primarily implemented and executed by people (as opposed to systems); and
(3) Technical: The controls are primarily implemented and executed by the information system through mechanisms contained in the hardware, software, or firmware components of the system.[1]

References[]

  1. 12 FAM 090 (full-text).
Community content is available under CC-BY-SA unless otherwise noted.
Advertisement