Difference between revisions of "Control"
(→ISA-62443-*) |
|||
Line 55: | Line 55: | ||
{{definition|An action, device, procedure, or technique that meets or opposes (i.e., counters) a [[threat]], a [[vulnerability]], or an [[attack]] by eliminating or preventing it, by minimizing the [[harm]] it can cause, or by discovering and reporting it so that corrective action can be taken. <ref name="IETFrefs">[https://tools.ietf.org/html/rfc4949 IETF RFC449 Internet Security Glossary 2]</ref>}}<br/><br/> | {{definition|An action, device, procedure, or technique that meets or opposes (i.e., counters) a [[threat]], a [[vulnerability]], or an [[attack]] by eliminating or preventing it, by minimizing the [[harm]] it can cause, or by discovering and reporting it so that corrective action can be taken. <ref name="IETFrefs">[https://tools.ietf.org/html/rfc4949 IETF RFC449 Internet Security Glossary 2]</ref>}}<br/><br/> | ||
==== [[ISA|ISA-62443-*]] ==== | ==== [[ISA|ISA-62443-*]] ==== | ||
− | {{definition|Countermeasure: action, device, procedure, or technique that reduces a [[threat]], a [[ | + | {{definition|Countermeasure: action, device, procedure, or technique that reduces a [[threat]], a [[vulnerability]], or an [[attack]] by eliminating or preventing it, by minimizing the [[harm]] it can cause, or by discovering and reporting it so that corrective action can take place. <ref name='ISA999'>ISA-62443 series</ref>}}<br/><br/> |
+ | |||
==== [[ISO|ISO/IEC 27000:2014 and ISO 31000:2009]] ==== | ==== [[ISO|ISO/IEC 27000:2014 and ISO 31000:2009]] ==== | ||
{{definition|Measure that is modifying [[risk]]. <ref name="ISO27000-14"> [http://www.iso.org/iso/home/store/catalogue_ics/catalogue_detail_ics.htm?csnumber=63411 ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary]</ref>}} | {{definition|Measure that is modifying [[risk]]. <ref name="ISO27000-14"> [http://www.iso.org/iso/home/store/catalogue_ics/catalogue_detail_ics.htm?csnumber=63411 ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary]</ref>}} |
Revision as of 23:19, 31 July 2018
This term is usually synomymous to the term "Countermeasure", "Safeguard" or "Measure". Controls are usually considered as means to mitigate risk.
Contents
Definitions
European Definitions
2009/72/EC
European Project Definitions
CIPRNet project
The CIPRNet project [2] uses the following definition:
Other International Definitions
IAEA
IPCC
For example renewable energy technologies, waste minimization processes, public transport commuting practices, etc.
UNISDR
UNISDR does not use the term "control". It defines two types of "measures": Structural and Non-structural measures [5].
Note that in civil and structural engineering, the term “structural” is used in a more restricted sense to mean just the load-bearing structure, with other parts such as wall cladding and interior fittings being termed non-structural.
National Definitions
Albania
Argentina
Australia
Czech Republic
Control means control of a risk, including all policies, procedures, directives, usual procedures (practices) or organizational structures, which may be of an administrative, technological, management or legal character. [9]
Oman
Romania
United Kingdom
United States
DoD
NIST
Synonymous with security controls and safeguards.
US-CERT
Standard Definition
IETF
ISA-62443-*
ISO/IEC 27000:2014 and ISO 31000:2009
The ISO standard notes that:
- Controls include any process, policy, device, practice, or other actions which modify risk.
- Controls may not always exert the intended or assumed modifying effect.
Each control is usually associated to a control objective, which is a statement describing what is to be achieved as a result of implementing the control.
See also
Notes
- ↑ ENTSO-E Glossary of Terms
- ↑ http://www.ciprnet.eu/
- ↑ IAEA - Nuclear Security Series Glossary Version 1.3 (November 2015)
- ↑ IPCC
- ↑ 2009 UNISDR Terminology on Disaster Risk Reduction, United Nations International Strategy for Disaster Reduction (UNISDR), Geneva, Switzerland, May 2009.
- ↑ PROJEKT LIGJ PËR SIGURINË KIBERNETIKE
- ↑ Oficina Nacional de Tecnologías de Información ADMINISTRACION PUBLICA NACIONAL Disposición 3/2013 - Apruébase la “Política de Seguridad de la Información Modelo” (2013)
- ↑ Australian Emergency Management Glossary, Emergency Management Australia (1998)
- ↑ 9.0 9.1 http://www.govcert.cz/download/nodeid-561 Výkladový slovník kybernetické bezpečnosti (2013)
- ↑ Oman CERT Glossary
- ↑ GLOSAR de termeni din domeniul ordinii şi siguranţei publice, MINISTERUL ADMINISTRAŢIEI ŞI INTERNELOR DIRECŢIA GENERALĂ ORGANIZARE, PLANIFICARE MISIUNI ŞI RESURSE
- ↑ Glossary - Revision to Emergency Preparedness, Cabinet Office (2012)
- ↑ UK Civil Protection Lexicon 2013
- ↑ Department of Defense, Joint Publication 1-02: “Dictionary of Military and Associated Terms” (JP 1-02), 2015.
- ↑ NIST Special Publication 800-53 Rev 4: Security and Privacy Controls for Federal Information Systems and Organizations (April 2013)
- ↑ Cyber Resilience Review (CRR): Method Description and Self-Assessment User Guide (2016)
- ↑ IETF RFC449 Internet Security Glossary 2
- ↑ ISA-62443 series
- ↑ ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary