Categories of controls-information security, Computer Network Security

Categories of Controls

Controlling risk through mitigation, avoidance or transference is accomplished by implementing controls. There are 4 effective approaches to selecting controls by category:

Control function:
Controls (safeguards) designed to defend systems are preventive or detective.

Architectural layer:
Some controls apply to one or more layers of an organization’s technical architecture.

Strategy layer: Controls are classified by the risk control strategy (avoidance, transference, mitigation) within which they operate.

Information security principle: Controls can be classified according to the characteristics of secure information they assure. These characteristics include accountability, integrity, availability, confidentiality, authorization, authentication, and privacy.

Posted Date: 10/9/2012 2:19:16 AM | Location : United States






