Control Objectives Flashcards
Control Objective
A control objective is the purpose to be achieved by implementing a control
Proportionality
The rule of proportionality states that the secure baseline should be aligned to the organization in proportion to the criticality and sensitivity classification of the asset being protected
Defense in depth
Defense in depth (layered security) is the design and implementation of multiple overlapping layers of diverse controls (the controls should cascade, so that the failure of one layer is caught by the next; they should be independent of one another; and diversity of control types should be considered)
Cost benefit
The process of comparing estimated costs and benefits to determine whether it makes sense to proceed from a business perspective (if the cost of the control is lower than the expected loss, it should be implemented; if the cost is higher than the loss, it should not be implemented; if cost equals benefit, ROI should be considered)
Tailoring
Tailoring is the phase of customizing secure baseline recommendations to align them with the organization's requirements
Controls
Tactics, mechanisms and strategies that proactively minimize risk within a defined objective
Assurance
A measure of confidence that the intended security controls are effective in their implementation
Control Baseline
Expresses a minimum standard for a given environment. It should be aligned to the organization
Supplementing
This is augmenting (adding to) the baseline recommendations
Functionality
A way of verifying a control: what the control does in the organization
Countermeasures
Countermeasures are measures implemented to address a specific threat; they are supplementary to the controls (focused on one specific area)
Effectiveness
How well a control works: whether the control is consistent, complete, reliable and operationalized in a timely manner
Scoping
Eliminating unnecessary baseline recommendations
Compensating
Substituting a recommended baseline control with a similar control