See: Risk
Measure that modifies a risk. [UNE-ISO GUÍA 73:2010]
NOTE 1 Controls include any process, policy, device, practice, or other actions which modify a risk.
[UNE-ISO/IEC 27000:2014]
Measure that modifies a risk.
NOTE 1 Controls include any process, policy, device, practice, or other actions which modify a risk.
[UNE Guía 73:2010]
A means of managing Risk, ensuring that a Business Objective is achieved, or ensuring that a Process is followed. Examples of Controls include Policies, Procedures, Roles, RAID, door locks, etc. A control is sometimes called a Countermeasure or safeguard.
Control also means managing the utilization or behaviour of a Configuration Item, System or IT Service.
[ITIL:2007]
The policies, procedures, practices and organizational structures designed to provide reasonable assurance that business objectives will be achieved and undesired events will be prevented or detected. [COBIT:2006]
1. Procedure used to guarantee that a system satisfies the security requirements established in the corresponding policy.
2. Measures used to counter the anticipated threats.
[Ribagorda:1997]
measure that is modifying risk [ISO Guide 73:2009]
NOTE 1: Controls include any process, policy, device, practice, or other actions which modify risk.
[ISO/IEC 27000:2014]
measure that is modifying risk
NOTE 1. Controls include any process, policy, device, practice, or other actions which modify risk.
[ISO Guide 73:2009]
The management, operational, and technical controls (i.e., safeguards or countermeasures) prescribed for an information system to protect the confidentiality, integrity, and availability of the system and its information. [CNSSI_4009:2010]
(N) The management, operational, and technical controls (safeguards or countermeasures) prescribed for an information system which, taken together, satisfy the specified security requirements and adequately protect the confidentiality, integrity, and availability of the system and its information. [FP199] (See: security architecture.)
[RFC4949:2007]
A means of managing a Risk, ensuring that a Business Objective is achieved, or ensuring that a Process is followed. Example Controls include Policies, Procedures, Roles, RAID, door-locks etc. A control is sometimes called a Countermeasure or safeguard.
Control also means to manage the utilization or behaviour of a Configuration Item, System or IT Service.
[ITIL:2007]
The policies, procedures, practices and organisational structures designed to provide reasonable assurance that the business objectives will be achieved and undesired events will be prevented or detected. [COBIT:2006]
The management, operational, and technical controls (i.e., safeguards or countermeasures) prescribed for an information system to protect the confidentiality, integrity, and availability of the system and its information. [FIPS-200:2006] [FIPS-199:2004]
The set of minimum security controls defined for a low-impact, moderate-impact, or high-impact information system. [CNSSI_4009:2010]
The set of minimum security controls defined for a low-impact, moderate-impact, or high-impact information system. [FIPS-200:2006]
The management, operational, and technical controls (safeguards or countermeasures) prescribed for an information system which, taken together, satisfy the system's specified security requirements and adequately protect the confidentiality, integrity, and availability of the system and its information. [NIST-SP800-60V2:2004]
An administrative, operational, technical, physical or legal measure for managing security risk. This term is synonymous with safeguard.
http://www.tbs-sct.gc.ca/pol/doc-eng.aspx?id=16578
The testing and/or evaluation of the management, operational, and technical security controls in an information system to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system. [NIST-SP800-53:2013]
The testing and/or evaluation of the management, operational, and technical security controls to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system or enterprise. [CNSSI_4009:2010]
A means of managing a risk, by ensuring that the business objective is achieved, or by ensuring that a process is followed. Examples of controls: Policies, Procedures, Roles, RAID, locks, etc. A control is sometimes called a countermeasure or safeguard.
The term "control" also means a means of managing the utilization or behaviour of a configuration item, a system or an IT service.
[ITIL:2007]
measure that modifies a risk
NOTE 1. A means of risk control includes any process, policy, device, practice or other actions which modify a risk.
[ISO Guide 73:2009]
In the context of ICT security, the term control is usually considered a synonym of safeguard or countermeasure.
http://www.cases.public.lu/functions/glossaire/
An administrative, operational, technical, physical or legal measure aimed at managing security risks. This expression is synonymous with safeguard.
http://www.tbs-sct.gc.ca/pol/doc-fra.aspx?id=16578