Control Management

Control Management is a central part of risk, compliance, and security management, because it is all about making them concrete. Risk, compliance, and security won't get you anywhere if they do not result in implemented security measures and timely execution of well-designed controls.

Control Management can be divided into four parts:

Design

Before you start designing any control, you need to answer the following questions:

- What is the control supposed to secure? This is typically a direct or indirect result of a requirement or a risk. Ask the question "What is the challenge?"
- Why is it essential? This is concerned with what caused the problem rather than the solution.
- How are you able to use the result? How will the organisation use the information, and what could be necessary to account for?

For example:

- That you transmit, store, and process sensitive personal information confidentially
- That you know the identity of all existing customers
- That you know how many are rejected based on background or missing legitimisation
- That you conduct self-regulation

After answering these questions, you know the aim, which makes the work of designing meaningful controls a lot easier.

Overall, there are three types of control:

- Preventive: Preventive controls minimise the risk of something happening or prevent it from happening or, on the opposite side, increase the possibility that something good happens.
- Detecting: Detecting controls give you the information and knowledge about what happens and when it happens.
- Responding: Responding controls are about being prepared when an incident has happened or is happening.

Execution and documentation

When it comes to scheduled...