The IT Law Wiki

Security control assessor

Definitions

A security control assessor is "[t]he individual, group, or organization responsible for conducting a security control assessment."[1]

A security control assessor

[c]onducts a comprehensive assessment of the management, operational, and technical security controls employed within or inherited by an information system to determine the overall effectiveness of the controls.[2]
[is] an individual, group, or organization responsible for conducting a comprehensive assessment of the management, operational, and technical security controls employed within or inherited by an IT and ICS to determine the overall effectiveness of the controls (i.e., the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system). Security control assessors also provide an assessment of the severity of weaknesses or deficiencies discovered in the IT and ICS and their environments of operation and recommend corrective actions to address identified vulnerabilities. In addition to the above responsibilities, security control assessors prepare the final security assessment report containing the results and findings from the assessment. Prior to initiating the security control assessment, an assessor conducts an assessment of the security plan to help ensure that the plan provides a set of security controls for the IT and ICS that meet the stated security requirements.[3]

References

  1. NIST Special Publication 800-53A.
  2. Cybersecurity Human Capital: Initiatives Need Better Planning and Coordination, at 41.
  3. Electricity Subsector Cybersecurity Risk Management Process, App. F, at 74.