“[a]ny action which reduces the probability of a risk occurring or reduces its impact if it does occur.”
Computer security
Data security
Control is the authority of an organization that maintains information to regulate access to the information. Having control is a condition or state and not an event. Loss of control is also a condition or state which may or may not lead to an event (e.g., a Privacy Incident).
“[t]he means of managing risk, including policies, procedures, guidelines, practices, or organizational structures, which can be of an administrative, technical, management, or legal nature.”
- ENISA, Glossary (full-text).
- ISO/IEC 27000:2014.
- FFIEC Information Technology Examination Handbook-Information Security, at 76.
- Playbook: Enterprise Risk Management for the U.S. Federal Government, at 103.