Difference between revisions of "Control"
(→United States)
(→Notes)
(7 intermediate revisions by the same user not shown)
Line 34: | Line 34: | ||
==== [[Czech Republic]] ==== | ==== [[Czech Republic]] ==== | ||
{{definition|Opatření: Znamená řízení rizika, včetně politik, postupů, směrnic, obvyklých postupů (praktik) nebo organizačních struktur, které mohou být administrativní, technické, řídící nebo právní povahy. <ref name=nodeid561> http://www.govcert.cz/download/nodeid-561 Výkladový slovník kybernetické bezpečnosti (2013)</ref> <br/><br/> Control means control of a risk, including all policies, procedures, directives, usual procedures (practices) or organizational structures, which may be of an administrative, technological, management or legal character. <ref name=nodeid561> http://www.govcert.cz/download/nodeid-561 Výkladový slovník kybernetické bezpečnosti (2013)</ref>}}<br/> | {{definition|Opatření: Znamená řízení rizika, včetně politik, postupů, směrnic, obvyklých postupů (praktik) nebo organizačních struktur, které mohou být administrativní, technické, řídící nebo právní povahy. <ref name=nodeid561> http://www.govcert.cz/download/nodeid-561 Výkladový slovník kybernetické bezpečnosti (2013)</ref> <br/><br/> Control means control of a risk, including all policies, procedures, directives, usual procedures (practices) or organizational structures, which may be of an administrative, technological, management or legal character. <ref name=nodeid561> http://www.govcert.cz/download/nodeid-561 Výkladový slovník kybernetické bezpečnosti (2013)</ref>}}<br/> | ||
+ | ==== [[France]] ==== | ||
+ | {{definition|Mesure de sécurité: Moyen de traiter un [[Risk|risqué]] de sécurité de l’information. <br/>La nature et le niveau de détail de la description d’une mesure de sécurité peuvent être très variables. <ref>[https://www.ssi.gouv.fr/uploads/2014/01/securite_industrielle_GT_methode_classification-principales_mesures.pdf Méthode de classification et mesures principales, ANSSI (2014)]</ref><br/><br/>Control: means of addressing a data security [[risk]].<br/>A control’s nature and the level of detail of its description can be highly variable. <ref>[https://www.ssi.gouv.fr/uploads/2014/01/industrial_security_WG_Classification_Method.pdf Classification Method and Key Measures, ANSSI (2014)]</ref>}}<br/><br/> | ||
====[[Oman]]==== | ====[[Oman]]==== | ||
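Review bot: the link label in the added French definition, "[[Risk|risqué]]", misspells the French noun; it should read "[[Risk|risque]]" (risqué is a different word). The English rendering "means of addressing a data security risk" also narrows the French "risque de sécurité de l'information"; "information security risk" keeps the two versions aligned.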
Line 45: | Line 47: | ||
==== [[United States]]==== | ==== [[United States]]==== | ||
===== [[DoD]]===== | ===== [[DoD]]===== | ||
− | {{definition|Countermeasures is that form of military science that, by the employment of devices and/or techniques, has as its objective the impairment of the operational effectiveness of enemy activity. <ref>[http://www.dtic.mil/doctrine/new_pubs/jp1_02.pdf Department of Defense, Joint Publication 1-02: “Dictionary of Military and Associated Terms” (JP 1-02), 2015.]</ref>}} | + | {{definition|Countermeasures is that form of military science that, by the employment of devices and/or techniques, has as its objective the impairment of the operational effectiveness of enemy activity. <ref>[http://www.dtic.mil/doctrine/new_pubs/jp1_02.pdf Department of Defense, Joint Publication 1-02: “Dictionary of Military and Associated Terms” (JP 1-02), 2015.]</ref>}}<br/> |
===== [[NIST]]===== | ===== [[NIST]]===== | ||
− | {{definition|Countermeasures are actions, devices, procedures, techniques, or other [[Measure|measures]] that reduce the [[vulnerability]] of an information system. <ref>[http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf NIST Special Publication 800-53 Rev 4: Security and Privacy Controls for Federal Information Systems and Organizations (April 2013)]</ref>}}Synonymous with security controls and safeguards.<br/> | + | {{definition|Countermeasures are actions, devices, procedures, techniques, or other [[Measure|measures]] that reduce the [[vulnerability]] of an information system. <ref>[http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf NIST Special Publication 800-53 Rev 4: Security and Privacy Controls for Federal Information Systems and Organizations (April 2013)]</ref>}}Synonymous with security controls and safeguards.<br/><br/> |
+ | |||
+ | {{definition|Control: The part of the ICS used to perform the monitoring and control of the physical process. This includes all control servers, field devices, actuators, sensors, and their supporting communication systems. <ref>[https://csrc.nist.gov/glossary/term/Operational-technology NIST Glossary / NIST SP 800-82]</ref>}}<br/><br/> | ||
+ | |||
=====[[US-CERT]]===== | =====[[US-CERT]]===== | ||
{{definition|Controls are the methods, policies, and procedures—manual or automated—that are adopted by an organization to ensure the safeguarding of [[Asset|assets]], the accuracy and reliability of management information and financial records, the promotion of administrative efficiency, and adherence to standards. <ref name="USCERT">[https://www.us-cert.gov/sites/default/files/c3vp/csc-crr-method-description-and-user-guide.pdf Cyber Resilience Review (CRR): Method Description and Self-Assessment User Guide (2016)]</ref>}}<br /> | {{definition|Controls are the methods, policies, and procedures—manual or automated—that are adopted by an organization to ensure the safeguarding of [[Asset|assets]], the accuracy and reliability of management information and financial records, the promotion of administrative efficiency, and adherence to standards. <ref name="USCERT">[https://www.us-cert.gov/sites/default/files/c3vp/csc-crr-method-description-and-user-guide.pdf Cyber Resilience Review (CRR): Method Description and Self-Assessment User Guide (2016)]</ref>}}<br /> | ||
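Review bot: the second NIST definition added in this hunk cites the NIST glossary entry for "Operational technology" while quoting a definition of "Control"; point the reference at the glossary entry for the quoted term (or the SP 800-82 passage it comes from) so the citation can be verified. It is also an ICS-scoped sense of the word (the part of the system that monitors and actuates the physical process), distinct from the countermeasure sense directly above it, so a short lead-in such as "In the ICS context:" would stop readers conflating the two.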
Line 53: | Line 58: | ||
===Standard Definition=== | ===Standard Definition=== | ||
====[[IETF]]==== | ====[[IETF]]==== | ||
− | {{definition|An action, device, procedure, or technique that meets or opposes (i.e., counters) a [[threat]], a [[vulnerability]], or an [[attack]] by eliminating or preventing it, by minimizing the [[harm]] it can cause, or by discovering and reporting it so that corrective action can be taken. <ref name="IETFrefs">[https://tools.ietf.org/html/rfc4949 IETF RFC449 Internet Security Glossary 2]</ref>}}<br /> | + | {{definition|An action, device, procedure, or technique that meets or opposes (i.e., counters) a [[threat]], a [[vulnerability]], or an [[attack]] by eliminating or preventing it, by minimizing the [[harm]] it can cause, or by discovering and reporting it so that corrective action can be taken. <ref name="IETFrefs">[https://tools.ietf.org/html/rfc4949 IETF RFC449 Internet Security Glossary 2]</ref>}}<br/><br/> |
+ | ==== [[ISA|ISA-62443-*]] ==== | ||
+ | {{definition|Countermeasure: action, device, procedure, or technique that reduces a [[threat]], a [[vulnerability]], or an [[attack]] by eliminating or preventing it, by minimizing the [[harm]] it can cause, or by discovering and reporting it so that corrective action can take place. <ref name='ISA999'>ISA-62443 series</ref>}}<br/><br/> | ||
+ | |||
==== [[ISO|ISO/IEC 27000:2014 and ISO 31000:2009]] ==== | ==== [[ISO|ISO/IEC 27000:2014 and ISO 31000:2009]] ==== | ||
{{definition|Measure that is modifying [[risk]]. <ref name="ISO27000-14"> [http://www.iso.org/iso/home/store/catalogue_ics/catalogue_detail_ics.htm?csnumber=63411 ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary]</ref>}} | {{definition|Measure that is modifying [[risk]]. <ref name="ISO27000-14"> [http://www.iso.org/iso/home/store/catalogue_ics/catalogue_detail_ics.htm?csnumber=63411 ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary]</ref>}} | ||
− | + | <big>The ISO standard notes that: | |
− | <big>The standard notes that: | ||
* Controls include any process, policy, device, practice, or other actions which modify [[risk]]. | * Controls include any process, policy, device, practice, or other actions which modify [[risk]]. | ||
* Controls may not always exert the intended or assumed modifying effect. | * Controls may not always exert the intended or assumed modifying effect. | ||
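Review bot: the new ISA reference gives only "ISA-62443 series"; cite the specific part and edition that defines "countermeasure" so the wording can be checked, since it differs from the IETF text above only in "reduces" versus "meets or opposes (i.e., counters)". The IETF reference title in the same hunk still reads "IETF RFC449" although the URL is rfc4949; correct it to "RFC 4949". The <big> opened on the added line "<big>The ISO standard notes that:" has no closing tag within this hunk; confirm it is closed after the bullet list.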
Line 66: | Line 73: | ||
==Notes== | ==Notes== | ||
+ | |||
+ | ==References== | ||
<references /> | <references /> | ||
− | |||
− | |||
− | |||
[[Category:Protection]][[Category:CIPRNet-Glossary]] | [[Category:Protection]][[Category:CIPRNet-Glossary]] | ||
− | {{#set:defined by=EU|defined by=UNISDR|defined by=IAEA|defined by=IPCC|defined by=Albania|defined by=Argentina|defined by=Australia|defined by=Czech Republic|defined by=Oman|defined by=Romania|defined by=United Kingdom|defined by=United States|defined by=NIST|defined by=ISO|defined by=IETF|defined by=EU-project}} | + | {{#set:defined by=EU|defined by=UNISDR|defined by=IAEA|defined by=IPCC|defined by=Albania|defined by=Argentina|defined by=Australia|defined by=Czech Republic|defined by=France|defined by=Oman|defined by=Romania|defined by=United Kingdom|defined by=United States|defined by=NIST|defined by=ISO|defined by=IETF|defined by=ISA|defined by=EU-project|defined by=US-CERT}} |
+ | {{#set: Showmainpage=Yes}} |
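Review bot: the "Notes" section is left empty between "==Notes==" and the newly added "==References==" heading; either drop the empty section or place the explanatory notes there, since an empty heading renders as a blank section. The #set update is consistent with the additions (France and ISA now have definitions) and also lists US-CERT, whose definition already existed but was missing from the property.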
Latest revision as of 14:07, 15 August 2022
This term is usually synonymous with the terms "Countermeasure", "Safeguard" or "Measure". Controls are usually considered a means to mitigate risk.
Definitions
European Definitions
2009/72/EC
European Project Definitions
CIPRNet project
The CIPRNet project [2] uses the following definition:
Other International Definitions
IAEA
IPCC
For example renewable energy technologies, waste minimization processes, public transport commuting practices, etc.
UNISDR
UNISDR does not use the term "control". It defines two types of "measures": Structural and Non-structural measures [5].
Note that in civil and structural engineering, the term “structural” is used in a more restricted sense to mean just the load-bearing structure, with other parts such as wall cladding and interior fittings being termed non-structural.
National Definitions
Albania
Argentina
Australia
Czech Republic
Control means control of a risk, including all policies, procedures, directives, usual procedures (practices) or organizational structures, which may be of an administrative, technological, management or legal character. [9]
France
La nature et le niveau de détail de la description d’une mesure de sécurité peuvent être très variables. [10]
Control: means of addressing a data security risk.
A control’s nature and the level of detail of its description can be highly variable. [11]
Oman
Romania
United Kingdom
United States
DoD
NIST
Synonymous with security controls and safeguards.
US-CERT
Standard Definition
IETF
ISA-62443-*
ISO/IEC 27000:2014 and ISO 31000:2009
The ISO standard notes that:
- Controls include any process, policy, device, practice, or other actions which modify risk.
- Controls may not always exert the intended or assumed modifying effect.
Each control is usually associated with a control objective, which is a statement describing what is to be achieved as a result of implementing the control.
See also
Notes
References
1. ENTSO-E Glossary of Terms
2. http://www.ciprnet.eu/
3. IAEA, Nuclear Security Series Glossary, Version 1.3 (November 2015)
4. IPCC
5. 2009 UNISDR Terminology on Disaster Risk Reduction, United Nations International Strategy for Disaster Reduction (UNISDR), Geneva, Switzerland, May 2009
6. PROJEKT LIGJ PËR SIGURINË KIBERNETIKE
7. Oficina Nacional de Tecnologías de Información, Administración Pública Nacional, Disposición 3/2013 - Apruébase la “Política de Seguridad de la Información Modelo” (2013)
8. Australian Emergency Management Glossary, Emergency Management Australia (1998)
9. Výkladový slovník kybernetické bezpečnosti (2013), http://www.govcert.cz/download/nodeid-561
10. Méthode de classification et mesures principales, ANSSI (2014)
11. Classification Method and Key Measures, ANSSI (2014)
12. Oman CERT Glossary
13. GLOSAR de termeni din domeniul ordinii şi siguranţei publice, Ministerul Administraţiei şi Internelor, Direcţia Generală Organizare, Planificare Misiuni şi Resurse
14. Glossary - Revision to Emergency Preparedness, Cabinet Office (2012)
15. UK Civil Protection Lexicon 2013
16. Department of Defense, Joint Publication 1-02: “Dictionary of Military and Associated Terms” (JP 1-02), 2015
17. NIST Special Publication 800-53 Rev. 4: Security and Privacy Controls for Federal Information Systems and Organizations (April 2013)
18. NIST Glossary / NIST SP 800-82
19. Cyber Resilience Review (CRR): Method Description and Self-Assessment User Guide (2016)
20. IETF RFC 4949, Internet Security Glossary, Version 2
21. ISA-62443 series
22. ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary