Ver:

·         Contra medida

·         Salvaguarda

·         Control preventivo

·         Control que detecta

·         Control general

·         Control interno

·         Control de gestión

·         Control operativo

·         Control técnico

·         Riesgo

Medida que modifica un riesgo. [UNE-ISO GUÍA 73:2010]

NOTA 1 Los controles incluyen cualquier proceso, política, dispositivo, práctica, u otras acciones que modifiquen un riesgo.

 [UNE-ISO/IEC 27000:2014]

Medida que modifica un riesgo.

NOTA 1 Los controles incluyen cualquier proceso, política, dispositivo, práctica, u otras acciones que modifiquen un riesgo.

[UNE Guía 73:2010]

Un medio de gestión de Riesgo, asegurando que el Objetivo de Negocio es alcanzado, o asegurando que un Proceso es seguido. Ejemplos de Controles incluyen Políticas, Procedimientos, Roles, RAID, door-locks etc. Un control es llamado, algunas veces, Contramedida o medida de seguridad.

Control también es un medio de gestionar el uso o comportamiento de un Elemento de Configuración, Sistema o Servicio TI.

[ITIL:2007]

Las políticas, procedimientos, prácticas y estructuras organizacionales diseñadas para proporcionar una garantía razonable de que los objetivos del negocio se alcanzarán y los eventos no deseados serán prevenidos o detectados. [COBIT:2006]

1. Procedimiento empleado para garantizar que un sistema satisface los requi9sitos de seguridad establecidos en la correspondiente política.

2. Medidas utilizadas para contrarrestar las amenazas previstas.

[Ribagorda:1997]

measure that is modifying risk [ISO Guide 73:2009]

NOTE 1: Controls include any process, policy, device, practice, or other actions which modify risk.

[ISO/IEC 27000:2014]

measure that is modifying risk

NOTE 1. Controls include any process, policy, device, practice, or other actions which modify risk.

[ISO Guide 73:2009]

The management, operational, and technical controls (i.e., safeguards or countermeasures) prescribed for an information system to protect the confidentiality, integrity, and availability of the system and its information. [CNSSI_4009:2010]

(N) The management, operational, and technical controls (safeguards or countermeasures) prescribed for an information system which, taken together, satisfy the specified security requirements and adequately protect the confidentiality, integrity, and availability of the system and its information. [FP199] (See: security architecture.) [RFC4949:2007]

A means of managing a Risk, ensuring that a Business Objective is achieved, or ensuring that a Process is followed. Example Controls include Policies, Procedures, Roles, RAID, door-locks etc. A control is sometimes called a Countermeasure or safeguard.

Control also means to manage the utilization or behaviour of a Configuration Item, System or IT Service.

[ITIL:2007]

The policies, procedures, practices and organisational structures designed to provide reasonable assurance that the business objectives will be achieved and undesired events will be prevented or detected. [COBIT:2006]

The management, operational, and technical controls (i.e., safeguards or countermeasures) prescribed for an information system to protect the confidentiality, integrity, and availability of the system and its information. [FIPS-200:2006] [FIPS-199:2004]

The set of minimum security controls defined for a low-impact, moderate-impact, or high-impact information system. [CNSSI_4009:2010]

The set of minimum security controls defined for a low-impact, moderate-impact, or high-impact information system. [FIPS-200:2006]

The management, operational, and technical controls (safeguards or countermeasures) prescribed for an information system which, taken together, satisfy the systems specified security requirements and adequately protect the confidentiality, integrity, and availability of the system and its information. [NIST-SP800-60V2:2004]

An administrative, operational, technical, physical or legal measure for managing security risk. This term is synonymous with safeguard.

http://www.tbs-sct.gc.ca/pol/doc-eng.aspx?id=16578

The testing and/or evaluation of the management, operational, and technical security controls in an information system to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system. [NIST-SP800-53:2013]

The testing and/or evaluation of the management, operational, and technical security controls to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system or enterprise.  [CNSSI_4009:2010]

Moyen permettant de gérer un risque, en s’assurant que l’objectif business est atteint, ou en s’assurant qu’un processus est suivi. Exemples de contrôles: Polices, Procédures, Rôles, RAID, verrous, etc. Un contrôle est parfois appelé contre-mesure ou mesure de sécurité.

Le terme “contrôle” signifie également un moyen de gérer l’utilisation ou le comportement d’un élément de configuration, d’un système ou d’un service des TI.

[ITIL:2007]

mesure qui modifie un risque

NOTE 1. Un moyen de maîtrise du risque inclut n'importe quels processus, politique, dispositif, pratique ou autres actions qui modifient un risque.

[ISO Guide 73:2009]

Dans le contexte de la sécurité ICT, le terme contrôle est habituellement considéré comme un synonyme de safeguard ou contre-mesure.

http://www.cases.public.lu/functions/glossaire/

Mesure administrative, opérationnelle, technique, physique ou juridique visant à gérer les risques pour la sécurité. Cette expression est synonyme de protection.

http://www.tbs-sct.gc.ca/pol/doc-fra.aspx?id=16578