Because our profession has tended to focus on controls, much of the information in this section should be familiar to most of you. That said, there’s more complexity to controls than meets the eye, and a separate whitepaper is warranted in order to cover the topic thoroughly. Nonetheless, we’ll cover some of the higher-level concepts in order to flesh-out the framework.
Specifically, this section will introduce:
- Three control dimensions:
- Form
- Purpose
- Category
- The control lifecycle
October 19th, 2006 at 7:14 pm
[...] First, as I mentioned, Risk Management isn’t management of security devices. Regardless of what a device may do for you. That, I would describe as Control Management. [...]