Control
Jump to navigation
Jump to search
This term is usually synomymous to the term "Countermeasure", "Safeguard" or "Measure". Controls are usually considered as means to mitigate risk.
Contents
Definitions
European Definitions
2009/72/EC
Control means rights, contracts or any other means which, either separately or in combination and having regard to the considerations of fact or law involved, confer the possibility of exercising decisive influence on an undertaking, in particular by: (a) ownership or the right to use all or part of the assets of an undertaking; (b) rights or contracts which confer decisive influence on the composition, voting or decisions of the organs of an undertaking. [1]
European Project Definitions
CIPRNet project
The CIPRNet project [2] uses the following definition:
Other International Definitions
IAEA
An action taken to counteract a threat, or to eliminate or reduce vulnerabilities. [3]
IPCC
(in climate policy), measures are technologies, processes or practices that reduce greenhouse gas emissions or impacts below anticipated future levels. [4]
For example renewable energy technologies, waste minimization processes, public transport commuting practices, etc.
UNISDR
UNISDR does not use the term "control". It defines two types of "measures": Structural and Non-structural measures [5].
* Structural measures: Any physical construction to reduce or avoid possible impacts of hazards, or application of engineering techniques to achieve hazard- resistance and resilience in structures or systems. Common structural measures for disaster risk reduction include dams, flood levies, ocean wave barriers, earthquake-resistant construction, and evacuation shelters.
* Non-structural measures: Any measure not involving physical construction that uses knowledge, practice or agreement to reduce risks and impacts, in particular through policies and laws, public awareness raising, training and education. Common non-structural measures include building codes, land use planning laws and their enforcement, research and assessment, information resources, and public awareness programmes.
Note that in civil and structural engineering, the term “structural” is used in a more restricted sense to mean just the load-bearing structure, with other parts such as wall cladding and interior fittings being termed non-structural.
National Definitions
Albania
Kundërmasa, do të thotë veprime me qëllim mbrojtjen nga rreziku kibernetik apo nga incidenti i sigurisë kibernetike ose veprime me qëllim zgjidhjen e një incidenti të konstatuar. [6]
Argentina
Control: Medio para gestionar el riesgo, incluyendo políticas, procedimientos, directrices, prácticas o estructuras organizacionales, las cuales pueden ser de naturaleza administrativa, técnica, de gestión, o legal. [7]
Australia
Control is the overall direction of emergency management activities in an emergency situation. [8]
Czech Republic
Opatření: Znamená řízení rizika, včetně politik, postupů, směrnic, obvyklých postupů (praktik) nebo organizačních struktur, které mohou být administrativní, technické, řídící nebo právní povahy. [9]
Control means control of a risk, including all policies, procedures, directives, usual procedures (practices) or organizational structures, which may be of an administrative, technological, management or legal character. [9]
Control means control of a risk, including all policies, procedures, directives, usual procedures (practices) or organizational structures, which may be of an administrative, technological, management or legal character. [9]
France
Mesure de sécurité: Moyen de traiter un risqué de sécurité de l’information.
La nature et le niveau de détail de la description d’une mesure de sécurité peuvent être très variables. [10]
Control: means of addressing a data security risk.
A control’s nature and the level of detail of its description can be highly variable. [11]
La nature et le niveau de détail de la description d’une mesure de sécurité peuvent être très variables. [10]
Control: means of addressing a data security risk.
A control’s nature and the level of detail of its description can be highly variable. [11]
Oman
Countermeasure: Reactive methods used to prevent an exploit from successfully occurring once a threat has been detected. [12]
Romania
Salvgarda: A apăra, a proteja, a lua sub ocrotire un bun moral, social etc. [13]
United Kingdom
Control is the application of authority, combined with the capability to manage resources, in order to achieve defined objectives. [14]
Control is one of the eight principles outlined in Emergency Response and Recovery. The grounding of emergency response and recovery in the existing functions of organisations and familiar ways of working. [15]
United States
DoD
Countermeasures is that form of military science that, by the employment of devices and/or techniques, has as its objective the impairment of the operational effectiveness of enemy activity. [16]
NIST
Countermeasures are actions, devices, procedures, techniques, or other measures that reduce the vulnerability of an information system. [17]
Synonymous with security controls and safeguards.
Control: The part of the ICS used to perform the monitoring and control of the physical process. This includes all control servers, field devices, actuators, sensors, and their supporting communication systems. [18]
US-CERT
Controls are the methods, policies, and procedures—manual or automated—that are adopted by an organization to ensure the safeguarding of assets, the accuracy and reliability of management information and financial records, the promotion of administrative efficiency, and adherence to standards. [19]
Standard Definition
IETF
An action, device, procedure, or technique that meets or opposes (i.e., counters) a threat, a vulnerability, or an attack by eliminating or preventing it, by minimizing the harm it can cause, or by discovering and reporting it so that corrective action can be taken. [20]
ISA-62443-*
Countermeasure: action, device, procedure, or technique that reduces a threat, a vulnerability, or an attack by eliminating or preventing it, by minimizing the harm it can cause, or by discovering and reporting it so that corrective action can take place. [21]
ISO/IEC 27000:2014 and ISO 31000:2009
The ISO standard notes that:
- Controls include any process, policy, device, practice, or other actions which modify risk.
- Controls may not always exert the intended or assumed modifying effect.
Each control is usually associated to a control objective, which is a statement describing what is to be achieved as a result of implementing the control.
See also
Notes
References
- Jump up ↑ ENTSO-E Glossary of Terms
- Jump up ↑ http://www.ciprnet.eu/
- Jump up ↑ IAEA - Nuclear Security Series Glossary Version 1.3 (November 2015)
- Jump up ↑ IPCC
- Jump up ↑ 2009 UNISDR Terminology on Disaster Risk Reduction, United Nations International Strategy for Disaster Reduction (UNISDR), Geneva, Switzerland, May 2009.
- Jump up ↑ PROJEKT LIGJ PËR SIGURINË KIBERNETIKE
- Jump up ↑ Oficina Nacional de Tecnologías de Información ADMINISTRACION PUBLICA NACIONAL Disposición 3/2013 - Apruébase la “Política de Seguridad de la Información Modelo” (2013)
- Jump up ↑ Australian Emergency Management Glossary, Emergency Management Australia (1998)
- ↑ Jump up to: 9.0 9.1 http://www.govcert.cz/download/nodeid-561 Výkladový slovník kybernetické bezpečnosti (2013)
- Jump up ↑ Méthode de classification et mesures principales, ANSSI (2014)
- Jump up ↑ Classification Method and Key Measures, ANSSI (2014)
- Jump up ↑ Oman CERT Glossary
- Jump up ↑ GLOSAR de termeni din domeniul ordinii şi siguranţei publice, MINISTERUL ADMINISTRAŢIEI ŞI INTERNELOR DIRECŢIA GENERALĂ ORGANIZARE, PLANIFICARE MISIUNI ŞI RESURSE
- Jump up ↑ Glossary - Revision to Emergency Preparedness, Cabinet Office (2012)
- Jump up ↑ UK Civil Protection Lexicon 2013
- Jump up ↑ Department of Defense, Joint Publication 1-02: “Dictionary of Military and Associated Terms” (JP 1-02), 2015.
- Jump up ↑ NIST Special Publication 800-53 Rev 4: Security and Privacy Controls for Federal Information Systems and Organizations (April 2013)
- Jump up ↑ NIST Glossary / NIST SP 800-82
- Jump up ↑ Cyber Resilience Review (CRR): Method Description and Self-Assessment User Guide (2016)
- Jump up ↑ IETF RFC449 Internet Security Glossary 2
- Jump up ↑ ISA-62443 series
- Jump up ↑ ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary
