See:
· Risk
Measure that modifies a risk. [UNE-ISO GUÍA 73:2010]
NOTE 1 Controls include any process, policy, device, practice, or other actions that modify a risk.
[UNE-ISO/IEC 27000:2014]
Measure that modifies a risk.
NOTE 1 Controls include any process, policy, device, practice, or other actions that modify a risk.
[UNE Guía 73:2010]
A means of managing Risk, ensuring that the Business Objective is achieved, or ensuring that a Process is followed. Examples of Controls include Policies, Procedures, Roles, RAID, door-locks etc. A control is sometimes called a Countermeasure or security measure.
Control is also a means of managing the use or behaviour of a Configuration Item, System or IT Service.
[ITIL:2007]
The policies, procedures, practices and organizational structures designed to provide reasonable assurance that the business objectives will be achieved and undesired events will be prevented or detected. [COBIT:2006]
1. Procedure used to ensure that a system satisfies the security requirements established in the corresponding policy.
2. Measures used to counter the anticipated threats.
[Ribagorda:1997]
measure that is modifying risk [ISO Guide 73:2009]
NOTE 1: Controls include any process, policy, device, practice, or other actions which modify risk.
[ISO/IEC 27000:2014]
measure that is modifying risk
NOTE 1. Controls include any process, policy, device, practice, or other actions which modify risk.
[ISO Guide 73:2009]
The management, operational, and technical controls (i.e., safeguards or countermeasures) prescribed for an information system to protect the confidentiality, integrity, and availability of the system and its information. [CNSSI_4009:2010]
(N) The management, operational, and technical controls (safeguards or countermeasures) prescribed for an information system which, taken together, satisfy the specified security requirements and adequately protect the confidentiality, integrity, and availability of the system and its information. [FP199] (See: security architecture.)
[RFC4949:2007]
A means of managing a Risk, ensuring that a Business Objective is achieved, or ensuring that a Process is followed. Example Controls include Policies, Procedures, Roles, RAID, door-locks etc. A control is sometimes called a Countermeasure or safeguard.
Control also means to manage the utilization or behaviour of a Configuration Item, System or IT Service.
[ITIL:2007]
The policies, procedures, practices and organisational structures designed to provide reasonable assurance that the business objectives will be achieved and undesired events will be prevented or detected. [COBIT:2006]
The management, operational, and technical controls (i.e., safeguards or countermeasures) prescribed for an information system to protect the confidentiality, integrity, and availability of the system and its information. [FIPS-200:2006] [FIPS-199:2004]
The set of minimum security controls defined for a low-impact, moderate-impact, or high-impact information system. [CNSSI_4009:2010]
The set of minimum security controls defined for a low-impact, moderate-impact, or high-impact information system. [FIPS-200:2006]
The management, operational, and technical controls (safeguards or countermeasures) prescribed for an information system which, taken together, satisfy the system's specified security requirements and adequately protect the confidentiality, integrity, and availability of the system and its information. [NIST-SP800-60V2:2004]
An administrative, operational, technical, physical or legal measure for managing security risk. This term is synonymous with safeguard.
http://www.tbs-sct.gc.ca/pol/doc-eng.aspx?id=16578
The testing and/or evaluation of the management, operational, and technical security controls in an information system to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system.
[NIST-SP800-53:2013]
The testing and/or evaluation of the management, operational, and technical security controls to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system or enterprise. [CNSSI_4009:2010]
A means of managing a risk, ensuring that the business objective is achieved, or ensuring that a process is followed. Examples of controls: Policies, Procedures, Roles, RAID, locks, etc. A control is sometimes called a countermeasure or security measure.
The term control also means a way of managing the use or behaviour of a configuration item, a system or an IT service.
[ITIL:2007]
measure that modifies a risk
NOTE 1. A means of risk control includes any process, policy, device, practice or other actions that modify a risk.
[ISO Guide 73:2009]
In the context of ICT security, the term control is usually considered a synonym of safeguard or countermeasure.
http://www.cases.public.lu/functions/glossaire/
An administrative, operational, technical, physical or legal measure aimed at managing security risks. This expression is synonymous with protection.
http://www.tbs-sct.gc.ca/pol/doc-fra.aspx?id=16578