Information security controls

Definition
Information security controls

"include security management, access controls, configuration management, segregation of duties, and contingency planning. These controls are designed to ensure that there is a continuous cycle of activity for assessing risk, logical and physical access to sensitive computing resources and information is appropriately restricted; only authorized changes to computer programs are made; one individual does not control all critical stages of a process; and backup and recovery plans are adequate to ensure the continuity of essential operations."