The IT Law Wiki

Management controls


Definitions

Management controls are

security controls (i.e., safeguards or countermeasures) for an information system that focus on the management of risk and the management of information system security.[1]
[s]ecurity controls focused on managing organizational risk and information system security and devising sufficient countermeasures or safeguards to mitigate risk to acceptable levels. Management control families include risk assessment, security planning, system and services acquisition, and security assessment.[2]

Overview

Management controls are the mechanisms and techniques — administrative, procedural, and technical — that are instituted to implement a security policy. Some management controls are explicitly concerned with protecting information and information systems, but the concept of management controls covers much more than a computer's specific role in enforcing security. Note that management controls are used not only by managers but may also be exercised by users. An effective program of management controls is needed to cover all aspects of information security, including physical security, classification of information, the means of recovering from breaches of security, and above all training to instill awareness and acceptance among people.[3]

References

  1. NIST, FIPS 200.
  2. Tax Information Security Guidelines For Federal, State and Local Agencies, at 154.
  3. Computers at Risk: Safe Computing in the Information Age, at 50.
