Security Management System (SMS)
Published in Noor Zaman Jhanjhi, Khalid Hussain, Azween Bin Abdullah, Mamoona Humayun, João Manuel R.S. Tavares, Information Security Handbook, 2022
Shahida, Khalid Hussain Usmani, Mamoona Humayun
Security controls are precautions and countermeasures to avoid, detect, counteract, or lessen an organization's information security risks. They can be classified according to various criteria, for instance by their timing relative to a security incident:
Before the incident, preventive controls are planned to stop the event from happening, e.g., by keeping out unauthorized intruders.
During the incident, detective controls are aimed at recognizing and characterizing an event in progress, e.g., activating the system's protective measures on encountering the burglar.
After the incident, corrective controls are proposed to minimize the extent of any damage caused by the event, e.g., returning the organization to its normal level of functioning as effectively as possible.
Establishing a Substantive Control Process
Published in Ken Sigler, Dan Shoemaker, Anne Kohnke, Supply Chain Risk Management, 2017
Ken Sigler, Dan Shoemaker, Anne Kohnke
Security controls are the specific management, operating, and technical behaviors designed to protect information security in an organization. The generic security controls defined in NIST SP 800-53 are planned and installed using a formal managerial process that produces an explicit architecture for the ICT function for a specific organization. The process is implemented by a plan that ensures all designated security controls are implemented properly and are effective in daily operation. Because the controls must always be effective, the implementation of NIST SP 800-53 is built around periodic assessments of risk and feedback obtained during scheduled preventive maintenance inspections of the effectiveness of each control. The outcomes from those assessments include such estimates as the magnitude of harm that could result from the “unauthorized access, use, disclosure, disruption, modification, or destruction of information and information systems that support the operations and assets of the organization” (NIST 800-53).
Information Security and Management System
Published in Rajkumar Banoth, Narsimha Gugulothu, Aruna Kranthi Godishala, A Comprehensive Guide to Information Security Management and Audit, 2023
Rajkumar Banoth, Narsimha Gugulothu, Aruna Kranthi Godishala
Security management is not only deciding which security technology to use. Security controls need to be configured, integrated into the organization, monitored, updated, and replaced as necessary. Security technology that is not properly used will not help to protect organizational assets. Security management covers all aspects that help an organization preserve the three well-known security goals: confidentiality, integrity, and availability. In the context of security management, confidentiality means that information assets should only be read by those users who are entitled to do so. Integrity is about preventing users from modifying organizational assets when they do not have the necessary authorization.
A rough cut cybersecurity investment using portfolio of security controls with maximum cybersecurity value
Published in International Journal of Production Research, 2022
The objective of cybersecurity investment in supply chains is to protect each supply chain node against a compromise in different areas, i.e. confidentiality, control, integrity, authenticity, availability and utility (see the Parkerian hexad in Falco et al. 2019). The various actions developed to mitigate the impact of successful breaches are called security controls, countermeasures or safeguards. However, even the most sophisticated controls cannot be expected to completely block cyberattacks as new attack profiles proliferate (e.g. Huang and Behara 2013).
Recommendations for smart grid security risk management
Published in Cyber-Physical Systems, 2019
Vikas Lamba, Nikola Šimková, Bruno Rossi
(6) Continuous evaluation of security controls: organisations should continuously evaluate the existing security controls to determine their effectiveness and applicability with changing risk scenarios in SGs. Periodic security audits are recommended methods to evaluate shortcomings in security controls pertaining to the physical, operational, and IT domains of SGs.