At the most fundamental level, IT security is about protecting things that are of value to an organization. That generally includes people, property, and data, in other words, the organization’s assets. Security controls exist to reduce or mitigate the risk to those assets. They include any type of policy, procedure, technique, method, solution, plan, action, or device designed to help accomplish that goal. Recognizable examples include firewalls, surveillance systems, and antivirus software.

Security controls are not chosen or implemented arbitrarily. They typically flow out of an organization’s risk management process, which begins with defining the overall IT security strategy, then goals. This is followed by defining specific control objectives: statements about how the organization plans to effectively manage risk. For example, “Our controls provide reasonable assurance that physical and logical access to databases and data records is restricted to authorized users” is a control objective. “Our controls provide reasonable assurance that critical systems and infrastructure are available and fully functional as scheduled” is another example.

Once an organization defines control objectives, it can assess the risk to individual assets and then choose the most appropriate security controls to put in place. One of the easiest and most straightforward models for classifying controls is by type (physical, technical, or administrative) and by function (preventative, detective, and corrective). Physical controls describe anything tangible that’s used to prevent or detect unauthorized access to physical areas, systems, or assets.