Control is ...

 

... "something which prevents or reduces the probability of an information security incident, indicates that an incident may have occurred and/or mitigates the damage, harm, costs or other adverse consequences caused or triggered by or simply following on from an incident" [source: SecAware glossary]

... "the exertion of influence over a subordinate by an authority or assertive figure" [source: SecAware glossary]

... technical, physical, procedural, legal, social, mechanical, economic, political ...

... applied to processes, systems, machines, people, quality ...

... a "measure that maintains and/or modifies risk
Note 1 to entry: Controls include, but are not limited to, any
process, policy, device, practice or other conditions and/or
actions which maintain and/or modify risk.
Note 2 to entry: Controls may not always exert the
intended or assumed modifying effect."
[source: ISO 31000]

... a volume knob that goes all the way to 11

... automated, semi-automated or manual

... an illusion induced by acquiescence

... preventive, detective or corrective

... avoiding or preventing badness

... defining and applying rules

... what happens in the tower

... an action/adventure game

... an availability challenge

... an engineering solution

... local, remote or hybrid

... hitting the sweet spot

... about mitigating risk

... keeping within limits

... a means to an end

... binary or analogue

... providing direction

... setting boundaries

... negative feedback

... power superiority

... being in charge

... being resilient

... an impression

... management

... containment

... proportional

... governance

... oppression

... confidence

... constraint

... regulation

... assurance

... an illusion

... unreliable

... imperfect

... influence

... valuable

... coercion

... mastery

... the key

... stability

... a belief

... a state

... power

... fragile

... costly

... a key

... finite

... rules

... key

...

 That's not all:

• Accountability is ...
• Assurance is ...
• Audit is ...
• Authorisation is ...
• Cyber is ...
• Fragility is ...
• Governance is ...
• Impact is ...
• Information is ...
• ISO27k is ...
• Oversight is ...
• Resilience is ...
• Responsibility is ...
• Risk is ...
• Security is ...
• System is ...
• Threat is ...
• Trust is ...
• Vulnerability is ...

Prompted? Puzzled? Provoked? What have I missed, misrepresented, mis-defined or misunderstood? What other infosec-related terms shall we explore?

Click the pencil below to have your say.