Categories of controls-information security, Computer Network Security

Categories of Controls

Controlling risk through mitigation, avoidance or transference is accomplished by implementing controls. There are 4 effective approaches to select the controls by category:

Control function:
Controls (safeguards) designed to defend systems are preventive or detective.

Architectural layer:
Some of the controls apply to one or more layers of organization’s technical architecture

Strategy layer: Controls classified by risk control strategy (avoidance, transference, mitigation) in which they operate.

Information security principle: Controls can be classified according to characteristics of secure information they assure. These characteristics include: accountability integrity, availability, confidentiality, authorization, authentication, and privacy.

Posted Date: 10/9/2012 2:19:16 AM | Location : United States







Related Discussions:- Categories of controls-information security, Assignment Help, Ask Question on Categories of controls-information security, Get Answer, Expert's Help, Categories of controls-information security Discussions

Write discussion on Categories of controls-information security
Your posts are moderated
Related Questions
Types of IDSs and Detection Methods IDSs operate as network based, host based, or application based systems and focused on protecting network information assets. All the IDSs us

Consider a computer system with three users: Alice, Bob and Cindy. Alice owns the file alicerc, and Bob and Cindy can read it. Cindy can read and write the file bobrc, which Bob ow

Question: (a) How can you prevent someone from accessing your computer when you leave your office for some time? (b) What is the difference between a classic login and a w

THREADS AND ATTACKS Threat is an object, person, or other entity which represents a constant danger to an asset. To make sound decisions about information security, management s

QUESTION (a) Discuss why it is considered more secure to use the SET (Secure Electronic Transaction) for e-commerce instead of using SSL (b) Describe how the dual signature

ADDRESS RESOLUTION WITH MESSAGE EXCHANGE An alternative to local calculation is a distributed function. A computer that requires to find an address transmits a message across

Question: A regional police force has the following corporate objectives: ? to reduce crime and disorder; ? to promote community safety; ? to contribute to delivering just

a) Define the term "Enterprise Network". b) Briefly discuss the similarity and differences between a switch and a router. c) A company XYZ has been renting the 1 st Floor of

(a) Which PKI (Public Key Infrastructure) model is typically favored by business organization? (b) Give one possible use of the "extensions" field of an X.509 certificate

Explain how can we achieved privacy in an e-mail system.  The full form of PEM is Privacy Enhanced Mail: PEM  is  the  internet  Privacy  Enhanced  Mail  standard  adopted