Control

From CIPedia
Revision as of 22:32, 9 May 2017 by Eluiijf (talk | contribs) (United Kingdom)
Jump to navigation Jump to search

This term is usually synomymous to the term "Countermeasure", "Safeguard" or "Measure". Controls are usually considered as means to mitigate risk.

Definitions

European Definitions

2009/72/EC
Control means rights, contracts or any other means which, either separately or in combination and having regard to the considerations of fact or law involved, confer the possibility of exercising decisive influence on an undertaking, in particular by: (a) ownership or the right to use all or part of the assets of an undertaking; (b) rights or contracts which confer decisive influence on the composition, voting or decisions of the organs of an undertaking. [1]


European Project Definitions

CIPRNet project

The CIPRNet project [2] uses the following definition:

Control is a measure that is modifying risk.


Other International Definitions

IAEA

An action taken to counteract a threat, or to eliminate or reduce vulnerabilities. [3]



IPCC

(in climate policy), measures are technologies, processes or practices that reduce greenhouse gas emissions or impacts below anticipated future levels. [4]

For example renewable energy technologies, waste minimization processes, public transport commuting practices, etc.

UNISDR

UNISDR does not use the term "control". It defines two types of "measures": Structural and Non-structural measures [5].

* Structural measures: Any physical construction to reduce or avoid possible impacts of hazards, or application of engineering techniques to achieve hazard- resistance and resilience in structures or systems. Common structural measures for disaster risk reduction include dams, flood levies, ocean wave barriers, earthquake-resistant construction, and evacuation shelters.
* Non-structural measures: Any measure not involving physical construction that uses knowledge, practice or agreement to reduce risks and impacts, in particular through policies and laws, public awareness raising, training and education. Common non-structural measures include building codes, land use planning laws and their enforcement, research and assessment, information resources, and public awareness programmes.

Note that in civil and structural engineering, the term “structural” is used in a more restricted sense to mean just the load-bearing structure, with other parts such as wall cladding and interior fittings being termed non-structural.

National Definitions

Albania

Kundërmasa, do të thotë veprime me qëllim mbrojtjen nga rreziku kibernetik apo nga incidenti i sigurisë kibernetike ose veprime me qëllim zgjidhjen e një incidenti të konstatuar. [6]



Argentina

Control: Medio para gestionar el riesgo, incluyendo políticas, procedimientos, directrices, prácticas o estructuras organizacionales, las cuales pueden ser de naturaleza administrativa, técnica, de gestión, o legal. [7]



Australia

Control is the overall direction of emergency management activities in an emergency situation. [8]


Czech Republic

Opatření: Znamená řízení rizika, včetně politik, postupů, směrnic, obvyklých postupů (praktik) nebo organizačních struktur, které mohou být administrativní, technické, řídící nebo právní povahy. [9]

Control means control of a risk, including all policies, procedures, directives, usual procedures (practices) or organizational structures, which may be of an administrative, technological, management or legal character. [9]


Oman

Countermeasure: Reactive methods used to prevent an exploit from successfully occurring once a threat has been detected. [10]



Romania

Salvgarda: A apăra, a proteja, a lua sub ocrotire un bun moral, social etc. [11]



United Kingdom

Control is the application of authority, combined with the capability to manage resources, in order to achieve defined objectives. [12]


Control is one of the eight principles outlined in Emergency Response and Recovery. The grounding of emergency response and recovery in the existing functions of organisations and familiar ways of working. [13]



United States

NIST
Countermeasures are actions, devices, procedures, techniques, or other measures that reduce the vulnerability of an information system. [14]

Synonymous with security controls and safeguards.

DoD
Countermeasures is that form of military science that, by the employment of devices and/or techniques, has as its objective the impairment of the operational effectiveness of enemy activity. [15]



Standard Definition

IETF

An action, device, procedure, or technique that meets or opposes (i.e., counters) a threat, a vulnerability, or an attack by eliminating or preventing it, by minimizing the harm it can cause, or by discovering and reporting it so that corrective action can be taken. [16]


ISO/IEC 27000:2014 and ISO 31000:2009

Measure that is modifying risk. [17]

The standard notes that:

  • Controls include any process, policy, device, practice, or other actions which modify risk.
  • Controls may not always exert the intended or assumed modifying effect.

Each control is usually associated to a control objective, which is a statement describing what is to be achieved as a result of implementing the control.

See also

Notes