Security Controls

Topics: Security, Computer security, Information security Pages: 2 (486 words) Published: March 10, 2013
Security controls give organizations a measuring stick with which they can assess the effectiveness of their practical and operational security statements and controls against industry standards. These security controls act as guidelines for checking the maturity and capabilities of the organization's security statements. Security controls also provide a model framework for creating a gap assessment, enable a focus on remediation planning, and increase the awareness and interest of the stakeholders in creating a model that focuses on security and risk assessments.

These standards are based on laws, standards, regulations and guidelines and are intended to establish the effectiveness of satisfying their specified security necessities (Chew et al., 2007). These standards were developed by a consortium of major corporations, government agencies and many others such as NIST (National Institute of Standards and Technology), OMB (Office of Management and Budget) and other governmental bodies such as the Secretary of Commerce, and government-issued laws such as FISMA (Federal Information Security Management Act).

These security controls are mainly focused on probable attack scenarios such as inventories of authorized and unauthorized devices and software connected to networks (Stouffer et al., 2011), secure configuration for software and hardware on mobile and immobile devices, continuous vulnerability assessments and remediation, defenses against malware and viruses, application software security, data recovery capabilities, security-based skills assessments and training of staff, security configurations and hardening of network hardware such as routers, firewalls and switches, controlled use of administrative accounts and privileges, monitoring, maintenance and analysis of audit logs, controlled access on a need-to-know basis, monitoring of accounts and controls, prevention against data losses, management of incident response, secure network engineering and...