Information system security controls

Definition
Information system security controls are

"[s]ecurity controls (i.e., safeguards or countermeasures) prescribed for an information system to protect the confidentiality, integrity, and availability of the system and its information. Three types of security controls:

 * (1) Management: These controls focus on the management of risk and the management of information system security;
 * (2) Operational: These controls are primarily implemented and executed by people (as opposed to systems); and
 * (3) Technical: The controls are primarily implemented and executed by the information system through mechanisms contained in the hardware, software, or firmware components of the system."