Security controls play a foundational role in shaping the actions cyber security professionals take to protect an organization.
There are 93 Controls grouped into four categories , which ISO refers to as “themes”:
See the list of all controls with its attributes
The primary goal for implementing a security control can be preventative, detective, corrective, compensatory, or act as a deterrent.
The lack of security controls places the confidentiality, integrity, and availability of information at risk. These risks also extend to the safety of people and assets within an organization.
A Structured actions or steps taken to achieve a specific outcome. They are essentially the "how" of getting things done. In the context of information security, a process might refer to steps taken to review and grant access permissions to users or how incidents are detected and responded to. Read more