Control is ...


... "something which prevents or reduces the probability of an information security incident, indicates that an incident may have occurred and/or mitigates the damage, harm, costs or other adverse consequences caused or triggered by or simply following on from an incident" [source: SecAware glossary]

... "the exertion of influence over a subordinate by an authority or assertive figure" [source: SecAware glossary]

... technical, physical, procedural, legal, social, mechanical, economic, political ...

... applied to processes, systems, machines, people, quality ...

... a "measure that maintains and/or modifies risk. Note 1 to entry: Controls include, but are not limited to, any process, policy, device, practice or other conditions and/or actions which maintain and/or modify risk. Note 2 to entry: Controls may not always exert the intended or assumed modifying effect." [source: ISO 31000]

... a volume knob that goes all the way to 11

... automated, semi-automated or manual

... an illusion induced by acquiescence

... preventive, detective or corrective

... avoiding or preventing badness

... defining and applying rules

... what happens in the tower

... an action/adventure game

... an availability challenge

... an engineering solution

... local, remote or hybrid

... hitting the sweet spot

... about mitigating risk

... keeping within limits

... a means to an end

... binary or analogue

... providing direction

... setting boundaries

... negative feedback

... power superiority

... being in charge

... being resilient

... an impression

... management

... containment

... proportional

... oppression

... confidence

... constraint

... regulation

... assurance

... an illusion

... unreliable

... imperfect

... influence

... valuable

... coercion

... mastery

... the key

... stability

... a belief

... a state

... power

... fragile

... costly

... a key

... finite

... rules

... key

...

That's not all:

Prompted? Puzzled? Provoked? What have I missed, misrepresented, mis-defined or misunderstood? What other infosec-related terms shall we explore?
