Difference between revisions of "Control"
(→European Project Definitions) |
|||
Line 31: | Line 31: | ||
==== [[Czech Republic]] ==== | ==== [[Czech Republic]] ==== | ||
{{definition|Opatření: Znamená řízení rizika, včetně politik, postupů, směrnic, obvyklých postupů (praktik) nebo organizačních struktur, které mohou být administrativní, technické, řídící nebo právní povahy. <ref> http://www.govcert.cz/download/nodeid-561 Výkladový slovník kybernetické bezpečnosti (2013)</ref> <br/><br/> Control means control of a risk, including all policies, procedures, directives, usual procedures (practices) or organizational structures, which may be of an administrative, technological, management or legal character. <ref> http://www.govcert.cz/download/nodeid-561 Výkladový slovník kybernetické bezpečnosti (2013)</ref>}}<br/> | {{definition|Opatření: Znamená řízení rizika, včetně politik, postupů, směrnic, obvyklých postupů (praktik) nebo organizačních struktur, které mohou být administrativní, technické, řídící nebo právní povahy. <ref> http://www.govcert.cz/download/nodeid-561 Výkladový slovník kybernetické bezpečnosti (2013)</ref> <br/><br/> Control means control of a risk, including all policies, procedures, directives, usual procedures (practices) or organizational structures, which may be of an administrative, technological, management or legal character. <ref> http://www.govcert.cz/download/nodeid-561 Výkladový slovník kybernetické bezpečnosti (2013)</ref>}}<br/> | ||
+ | ====[[Oman]]==== | ||
+ | {{definition|Countermeasure: Reactive methods used to prevent an exploit from successfully occurring once a threat has been detected. <ref>[http://www.cert.gov.om/library_information_glossary.aspx Oman CERT Glossary]</ref>}}<br /><br/> | ||
====[[United Kingdom]]==== | ====[[United Kingdom]]==== | ||
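Review bot: The added Oman entry defines "Countermeasure", not "Control", and the hunk adds nothing that tells the reader why it belongs on this page; a short lead-in stating that Oman CERT uses the term "Countermeasure" would make that explicit. The entry also ends with `<br /><br/>`, mixing two spellings of the tag and adding an extra break compared with the single `<br/>` that closes the Czech Republic entry above it; use one form and one break count for consistency.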
Line 61: | Line 63: | ||
* Test reference. --> | * Test reference. --> | ||
[[Category:Protection]][[Category:CIPRNet-Glossary]] | [[Category:Protection]][[Category:CIPRNet-Glossary]] | ||
− | {{#set:defined by=EU|defined by=UNISDR|defined=IPCC|defined by=Albania|defined by=Argentina|defined by=Australia|defined by=Czech Republic|defined by=United Kingdom|defined by=United States|defined by=NIST|defined by=ISO|defined by=IETF|defined by=EU-project}} | + | {{#set:defined by=EU|defined by=UNISDR|defined=IPCC|defined by=Albania|defined by=Argentina|defined by=Australia|defined by=Czech Republic|defined by=Oman|defined by=United Kingdom|defined by=United States|defined by=NIST|defined by=ISO|defined by=IETF|defined by=EU-project}} |
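Review bot: In the `{{#set:}}` line the IPCC entry is written `defined=IPCC`, while every other entry, including the newly added `defined by=Oman`, uses the `defined by=` property; the revision carries the odd one over unchanged. If IPCC is meant to be recorded under the same property as the rest, change it to `defined by=IPCC` in this edit, since the line is being touched anyway.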
Revision as of 21:39, 28 December 2016
This term is usually synonymous with the terms "Countermeasure", "Safeguard" or "Measure". Controls are usually considered a means to mitigate risk.
Definitions
European Definitions
2009/72/EC
European Project Definitions
CIPRNet project
The CIPRNet project [2] uses the following definition:
Other International Definitions
IPCC
For example renewable energy technologies, waste minimization processes, public transport commuting practices, etc.
UNISDR
UNISDR does not use the term "control". It defines two types of "measures": Structural and Non-structural measures [4].
Note that in civil and structural engineering, the term “structural” is used in a more restricted sense to mean just the load-bearing structure, with other parts such as wall cladding and interior fittings being termed non-structural.
National Definitions
Albania
Argentina
Australia
Czech Republic
Control means control of a risk, including all policies, procedures, directives, usual procedures (practices) or organizational structures, which may be of an administrative, technological, management or legal character. [9]
Oman
United Kingdom
United States
NIST
Synonymous with security controls and safeguards.
Standard Definition
IETF
ISO/IEC 27000:2014 and ISO 31000:2009
The standard notes that:
- Controls include any process, policy, device, practice, or other actions which modify risk.
- Controls may not always exert the intended or assumed modifying effect.
Each control is usually associated with a control objective, which is a statement describing what is to be achieved as a result of implementing the control.
See also
Notes
- ↑ ENTSO-E Glossary of Terms
- ↑ http://www.ciprnet.eu/
- ↑ IPCC
- ↑ 2009 UNISDR Terminology on Disaster Risk Reduction, United Nations International Strategy for Disaster Reduction (UNISDR), Geneva, Switzerland, May 2009.
- ↑ PROJEKT LIGJ PËR SIGURINË KIBERNETIKE
- ↑ Oficina Nacional de Tecnologías de Información ADMINISTRACION PUBLICA NACIONAL Disposición 3/2013 - Apruébase la “Política de Seguridad de la Información Modelo” (2013)
- ↑ Australian Emergency Management Glossary, Emergency Management Australia (1998)
- ↑ http://www.govcert.cz/download/nodeid-561 Výkladový slovník kybernetické bezpečnosti (2013)
- ↑ http://www.govcert.cz/download/nodeid-561 Výkladový slovník kybernetické bezpečnosti (2013)
- ↑ Oman CERT Glossary
- ↑ Glossary - Revision to Emergency Preparedness, Cabinet Office (2012)
- ↑ NIST Special Publication 800-53 Rev 4: Security and Privacy Controls for Federal Information Systems and Organizations (April 2013)
- ↑ IETF RFC449 Internet Security Glossary 2
- ↑ ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary