The IT Law Wiki

Operational controls

31,971pages on
this wiki

Definition Edit

Operational controls (OPCON) are

[t]he security controls (i.e., safeguards or countermeasures) for an information system that are primarily implemented and executed by people (as opposed to systems).[1]

Overview Edit

"These controls are established to improve the security of a group, a specific system, or group of systems. Operational controls require technical or specialized expertise and often rely on management and technical controls. Operational control families include personnel security, contingency planning, configuration management, maintenance, system and information integrity, incident response, and awareness and training."[2]

References Edit

  1. FIPS 200. See also NIST Special Publication 800-53; NIST Special Publication 800-37.
  2. Tax Information Security Guidelines For Federal, State and Local Agencies, at 154.

Around Wikia's network

Random Wiki