Security Controls to mitigate risk for an Information System

August 2, 2010 15:37 by nirav

Every business has valuable IT assets such as computers, networks, and data. These organizations should conduct their own IT security audits for protecting their IT assets. Conducting their own IT security audits will give a clear picture of the security risks they face and how to best deal with those threats. Whenever organizations have to face some loss, compromise or when there is a security breach, it is because their information system is lacking required IT controls. Security controls are measures taken to protect an enterprise information system from potential attacks against the confidentiality, integrity, and availability of the information system. Security Controls can be categorized in three ways:

Proactive/Preventive Controls
Preventive controls proactively define and enforce acceptable behaviors. Preventive security controls are put into place to prevent intentional or unintentional disclosure, modification, or destruction of sensitive information. Examples: Policy, Firewall.

Detective Controls
Detective controls constantly monitor all activities happening in the Information System of the organization. They detect and report an undesired or unauthorized event (attempted or otherwise). Detective security controls are invoked after the undesirable event has happened. Examples: Log monitoring and review, File integrity checkers, System audit.

Reactive/Corrective Controls
Reactive or corrective controls typically start work, once the alarm has been raised by a detective control. They respond to and fix an incident once it has occurred. They also try to limit or reduce further damage from an attack.
Examples: Cleaning system infected with a virus, Placing firewall rules to block an attacking IP address

Conclusion:
These 3 controls are the ways of mitigating the risk to the organizational information system. However as security threats are always change, keeping your company safe requires that you continually assess new threats and revisit your response to old ones.
Security controls are selected and applied based on a risk assessment of the information system. The risk assessment process identifies system threats and vulnerabilities, and then security controls are selected to mitigate the risk.

Be the first to rate this post

Currently 0/5 Stars.
1
2
3
4
5

Tags: security control
Categories: General
Actions: E-mail | Permalink | Comments (70) | Comment RSS RSS comment feed

Cost of Governance Risk and ComplianceGovernance, Risk, and Compliance Management: An Operational ApproachDeveloping Metrics and Measures for Information Security Risk

Comments

August 16. 2010 05:56

Visiting your Blog today. Thanks for the update you have nicely covered this topic. keep it up

workplace accidents videos

December 4. 2010 03:44

Thanks for posting this. i really had good time reading this.

Emo

December 4. 2010 06:32

Where is your rss? I cant find it

Compact refrigerator

December 4. 2010 09:00

Its a pity you dont have a donate button, i would donate some =)

Ati Radeon Graphics HD Wallpaper

December 4. 2010 11:50

Great site design!!!! Whattemplate did you use?

Facebook statuses

December 4. 2010 13:38

Hey check out my blog too. I hope i have some fun stuff too

Nikon d3000 10mp digital slr camera with 18 55mm f3 5 5 6g af s dx vr nikkor zoom lens 55 200mm dx zoom lens with 8gb card en el9a battery nikon gadget bag accessory kit

December 4. 2010 17:03

I liked this article

Poker deposit bonuses

December 4. 2010 17:08

Thanks for posting this. i really had good time reading this.

Cross cutting shredder

December 4. 2010 21:44

Hey check out my blog too. I hope i have some interesting stuff too

Red by giorgio beverly hills for women eau de toilette spray 3 ounces tester

December 21. 2010 11:30

I liked this post

Chevrolet Camaro Synergy HD Wallpaper

December 21. 2010 14:06

Hey check out my blog too. I hope i have some interesting stuff too

Planning cardio around leg workout day

December 21. 2010 19:39

Hey check out my blog too. I hope i have some fun stuff too

Lancaster self tan body fast dry bronze water spray 5 fl oz

December 22. 2010 01:22

Thanks for posting this. i really had good time reading this.

Clarisonic spot therapy brush head replacement

January 8. 2011 02:30

Nice Post Thanks !

Betting Joy

January 8. 2011 02:32

Nice Post Thanks !

Royal Poker Cup

January 16. 2011 11:31

<a href="http://www.ptsell.com"" rel="nofollow">http://www.ptsell.com";>christian louboutin shoes</a>,<a href="http://www.ptsell.com"" rel="nofollow">http://www.ptsell.com";>louboutin shoes</a>

dfdfgd

January 16. 2011 11:32

<a href="http://www.ptsell.com"" rel="nofollow">http://www.ptsell.com";>christian louboutin shoes</a>,<a href="http://www.ptsell.com"" rel="nofollow">http://www.ptsell.com";>louboutin shoes</a>

dfdfgd

January 17. 2011 11:13

Its a pity you dont have a donate button, i would donate some =)

Neko girls 2 yura yura

January 17. 2011 12:21

Its a pity you dont have a donate button, i would donate some =)

Entangled

January 17. 2011 13:15

Where can i find your rss? I cant find it

Evil facebook statuses

January 20. 2011 17:35

Got it here at last what I have been looking, I must say thanks forthis post.

affordable website

January 26. 2011 23:46

Great read, well-written. The problem I think is that when visitors hover watch their mouse into your name and see that url directing to a blogger profile in watch their status bar, its more likely that they won’t click it.

brown suede boots

January 28. 2011 02:10

Thanks,have a good time in diablo 2!

diablo 2 cd key

February 5. 2011 02:58

I thought it was going to be some boring old post, but it really compensated for my time. I think that your perspective is deep, it’s just well thought out. I am sure my visitors will find that very useful.

Vancouver IT Support

February 5. 2011 10:39

Very interesting post - Might be old new, but it was new to me. You have done a marvelous job! I am sure my visitors will find that very useful.

Low Rate Title Loan

February 8. 2011 10:26

Excellent read, I just passed this onto a colleague who was doing a little research on that. And he actually bought me lunch because I found it for him smile So let me rephrase that: Thanks for lunch!

landscape lights

March 6. 2011 17:24

Its nice and quite, no people leaving stupid comments or having bullshit discussions. its just a perfect wholesale to get your latest information in design/art world.
keep it up.

prs guitars

March 19. 2011 13:24

nice and quite, no people leaving stupid comments or having bullshit discussions. its just a perfect wholesale to get your latest information in design/art world.
keep it up.

thomas sabo

April 15. 2011 05:10

It is really a special one. I like the way you have presented the information. Interesting post. Thanks for sharing.

Travel leads

April 16. 2011 21:59

I am very impressed with the articles on your site. I get so many ideas to help me. I will be coming back to check if you have more articles in the future.

crowdsourcing

May 16. 2011 11:33

You’re not the average blog writer, man. You definitely have something powerful to add to the web. Your design is so strong that you could almost get away with being a bad writer, but you’re even awesome at expressing what you have to say. Such a great blog. Ill be back for more.

peruvian handicrafts

May 22. 2011 03:24

What a great site and informative posts, I will add back link - bookmark this site? I want to show my friends and ask them what they think.

computer repair services

May 25. 2011 22:44

Wonderful facts, thank you to the article author. Its comprehensible to me now, the usefulness and significance is overwhelming. Thanks again and good luck!

snowboard travel

June 9. 2011 13:29

To my mind it's really one of the most difficult task in this sphere!

essay writer

June 19. 2011 06:51

I'm really enjoying the design and layout of your website as well as the description about Security Controls. It's a very easy on the eyes which makes it much more enjoyable for me to come here and visit more often... :)

Mini stun guns

June 21. 2011 04:31

To my mind it's really one of the most difficult task in this sphere!

Pandora Bracelets

June 21. 2011 04:45

Great site design!!!! Whattemplate did you use?

Christian Louboutin Shoes

June 25. 2011 02:17

Your high quality articles are so great. Updating with new feature about IT security and design makes this subject of the blog very interesting. Posts are also informative and enjoyable.
Feel good to be here... :)

Rechargeable stun guns

June 26. 2011 17:06

Air Jordan Six Rings

July 4. 2011 11:07

Excellent stuff from you. I’ve read your things before and you are just too awesome. I adore what you have got right here. You make it entertaining and you still manage to keep it smart. This is truly a great blog!!...
Thanks for sharing... :)

vertigo remedies

July 8. 2011 07:32

Interesting. The facts in this post are eye opening for sure. You really did a great job of showing important elements of the discourse in this writing... :)

digital light meter

July 14. 2011 05:45

That is a very fascinating document. It is beneficial and also you have of course conducted your due diligence previous to penning the write-up. I will likely need to revisit and browse your potential article content.... :)

vertigo cure

July 26. 2011 08:35

Nicely written article. You’re even awesome at expressing what you have to say. Such a great blog. I'll be back for more. Thanks!... :)

andatech

August 9. 2011 20:16

I am very happy to read this article..Thanks for giving us nice info.Nicely written! I hope you will be writing some other posts as well. Anyway thank you.

light meters

August 10. 2011 07:14

Its nice and quite. its just a perfect wholesale to get your latest information in design/art world.
keep it up. Thanks!... :)

crawling

August 18. 2011 11:56

I am very impressed with the articles on your site. I get so many ideas to help me.Thanks for posting this.I really had good time reading this post.Thanks a lot..

crawling the web

August 22. 2011 03:42

Thanks for your contribution. I personally find it quite hard to keep up with blog posting.I will be coming back to check if you have more articles in the future. Good job!

breathalyser

August 27. 2011 10:41

I read your post and I found it amazing .Your thought process is wonderful. The way you express yourself is awesome.Keep sharing some more blog post and i hope you goanna be appreciated more.

working usa proxies

August 27. 2011 11:49

I read your post and I found it amazing .Your thought process is wonderful. The way you express yourself is awesome.

usa proxies

September 3. 2011 05:49

This is such a deep blog! What can I say, youve hit the nail right on the head! Please write more of this. I largely enjoyed it.Thanks a lot... :)

drug & alcohol

September 27. 2011 15:11

Nice information.....thanks
http://www.hosts101.com

Samantha Fox

October 2. 2011 07:08

Your work is very good and I appreciate you and hopping for some more informative posts about information system . Thank you for sharing great information to us!... :)

world war alliance codes

October 7. 2011 00:27

Keep sharing some more blog post about IT 'Security' and i hope you goanna be appreciated more.Its incredible. Your design is flawless. Thanks!... :)

world war alliance codes

October 10. 2011 08:06

Hi,
i read your blog that was really interesting and valuable for me and i hope your blog becomes popular among all the people so keep it up these interesting blogs.

Management of solid waste in India

October 11. 2011 04:10

You are so awesome. I can't believe I missed this blog for so long. Its just great stuff all round about "IT" . Its very well written blog. Thanks!... :)

ignition lock

November 18. 2011 22:17

The new Zune browser is surprisingly good, but not as good as the iPod's. It works well, but isn't as fast as Safari, and has a clunkier interface. If you occasionally plan on using the web browser that's not an issue, but if you're planning to browse the web alot from your PMP then the iPod's larger screen and better browser may be important.

Shampoos

November 19. 2011 16:06

This is such a deep blog about information system ! What can I say, youve hit the nail right on the head! Please write more of this. I largely enjoyed it.Thanks a lot... :)

breathalysers

November 19. 2011 20:51

Hands down, Apple's app store wins by a mile. It's a huge selection of all sorts of apps vs a rather sad selection of a handful for Zune. Microsoft has plans, especially in the realm of games, but I'm not sure I'd want to bet on the future if this aspect is important to you. The iPod is a much better choice in that case.

Sulfate Free Shampoo

November 21. 2011 11:51

Thanks for this post about the characterization of Security Controls. This is the third time that I have been back to check out your site. Thanks!... :)

vampires live cheats

November 24. 2011 22:22

vampires codes

November 27. 2011 04:40

Just saying you are very creative. Your articles always have a lot of really up to date information. Where do you come up with this? Thanks again.
(http://www.aquashoes.org.uk/)

Aqua Shoes

December 1. 2011 00:54

This post was very well written, and it also contains many useful facts.

muscle

December 3. 2011 10:40

Great blog article about Security Controls, I have been lately in your blog once or twice now. I just wanted to say hi and show my thanks for the information provided. Thanks!... :)

Scented candles

December 7. 2011 19:52

I really loved reading your blog. It was very well authored and easy to understand about IT security audits. I also found your posts very interesting. Thank you!... :)

light meters

December 14. 2011 04:33

Thanks for this post about the Security Controls. I have a website in a similar niche and this is the third time that I have been back to check out your site. Thanks!... :)

Personal storage

January 1. 2012 08:03

Thank you for sharing with us about Security Controls, I too always learn something new from your post! Good job! Keep it up!... :)

Safety management system

January 2. 2012 15:52

Fantastic blog! I dont think Ive seen all the angles of this subject the way youve pointed them out. Youve got so much to say and know so much about IT assets the that I think you should just teach a class about it.

write essay

January 10. 2012 00:30

Fantastic blog! I dont think Ive seen all the angles of this subject the way youve pointed them out. Youve got so much to say and know so much about the IT assets that I think you should just teach a class about it... :)

Integrated management system

January 12. 2012 14:25

I must appreciate you for your posts about IT security in this blog. You really have done very well.I am very impressed with the articles on your site.Thanks a lot...:)

Integrated management system

January 18. 2012 04:42

I hope you will never stop!This is one of the best blogs Ive ever read. Youve got some mad skill here, man.Please keep it up because the internet needs someone like you spreading the word.

Environmental management system

Add comment

Name*
E-mail* (Will show your Gravatar icon)
Website
Country

Comment*

Live preview

February 5. 2012 11:11

Security Controls to mitigate risk for an Information System

Related posts

Comments

Add comment

Live preview

Search

Tags

Categories

Blogroll

Disclaimer