Difference between revisions of "Control"

From CIPedia
(Created page with "==Definitions== === Official European Definition === === Other International Definitions === The combination of the probability of an event and its negative consequences. <r...")
 
Line 1: Line 1:
 +
This term is usually synomymous to the term "[[Countermeasure]]", "[[safeguard]]" or "[[mitigation]] control".
 
==Definitions==
 
==Definitions==
 
=== Official European Definition ===
 
=== Official European Definition ===
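Review bot: the new opening sentence added at the top of this hunk misspells "synonymous" as "synomymous", and "synonymous to" should read "synonymous with". The three linked terms are also capitalised inconsistently ("[[Countermeasure]]" against "[[safeguard]]" and "[[mitigation]] control"); pick one casing so the links resolve to the intended pages.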
Line 4: Line 5:
  
 
=== Other International Definitions ===
 
=== Other International Definitions ===
The combination of the probability of an event and its negative consequences. <ref> [http://www.unisdr.org/files/7817_UNISDRTerminologyEnglish.pdf2009 UNISDR Terminology on Disaster Risk Reduction]</ref>
+
>
 
=== National Definitions ===
 
=== National Definitions ===
 
<!--Test test test.-->
 
<!--Test test test.-->
 
==== US Definition ====
 
==== US Definition ====
The potential for an unwanted outcome resulting from an incident, event, or occurrence, as determined by its likelihood and the associated consequences. <ref> [http://www.dhs.gov/xlibrary/assets/dhs-risk-lexicon-2010.pdf DHS Risk Lexicon 2010 Edition, September 2010]</ref>
 
  
 
===Standard Definition===
 
===Standard Definition===
 
+
==== ISO/IEC 27000:2014 ====
Effect of uncertainty on objectives (Source: ISO guide 73)
+
Measure that is modifying [[risk]] <ref name="ISO27000-14"> [http://www.iso.org/iso/home/store/catalogue_ics/catalogue_detail_ics.htm?csnumber=63411 ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary]</ref>
 
+
The standard notes that:
The level of impact on organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, or the Nation resulting from the operation of an information system given the potential impact of a threat and the likelihood of that threat occurring.
+
* Controls include any process, policy, device, practice, or other actions which modify [[risk]].
(Source: NIST IR 7298r2)
+
* Controls may not always exert the intended or assumed modifying effect.
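Review bot: a stray ">" is left on its own line under "=== Other International Definitions ===", apparently the tail of the removed "</ref>", and it shows up in the rendered revision as a lone ">" character; delete it. With the copied risk definitions gone, the "Official European Definition", "Other International Definitions" and "US Definition" headings have no body text, so either fill them with definitions of "control" or drop the empty headings, and remove the "<!--Test test test.-->" comment while you are there.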
  
  

Revision as of 21:00, 18 May 2014

This term is usually synonymous with the term "Countermeasure", "safeguard" or "mitigation control".

Definitions

Official European Definition

Other International Definitions

National Definitions

US Definition

Standard Definition

ISO/IEC 27000:2014

Measure that is modifying risk [1]

The standard notes that:

  • Controls include any process, policy, device, practice, or other actions which modify risk.
  • Controls may not always exert the intended or assumed modifying effect.


See also

Notes