Free Trial

Safari Books Online is a digital library providing on-demand subscription access to thousands of learning resources.

146 CHAPTER 7 Security Controls and Services find solutions that might be outside your usual bag of tricks. With this knowledge, you should now be able to properly map the protection requirements of a certain risk exposure to the security control that would best mitigate that risk. It is impor- tant to really understand the significance of these controls and how best to apply them even if you don't understand every technical aspect. The basic security con- trol requirements at the end of this chapter should serve as a good reference, when you are assessing the general posture of your organization. Risk manage- ment needs to be more than just a control selection exercise, but there is no deny- ing that controls play an important role in managing acceptable levels of risk. Action Plan After reading this chapter, you should consider taking the following actions in your own organization: · · Take the bulleted list of fundamental security control requirements from the last section of this chapter and make yourself a checklist to use whenever you are evaluating a new security control. If you haven't already, read the SANS Top 20 Critical Controls list and review