Feature

Risk management: Implementation of baseline controls

This fourth article in the Insider Risk Management Guide examines the implementation of baseline controls.

Published: 30 Aug 2006

Layer on baseline controls in accordance with CIA information ratings. This step ties the organization's business risks into information security controls. Many organizations are challenged with regulatory compliance and implementation of security best practices. Do not lose track of the big picture, controls are meant to insulate the business from unacceptable risk. The simple process of applying controls based upon data sensitivity and impact ratings will address most compliance concerns. Any deviation from baseline controls should require a formal exception approved by information security management and the business.

INSIDER RISK MANAGEMENT GUIDE

Introduction: Insider risk management

Data organization and impact analysis

Baseline management and control

Implementation of baseline control

Risk management audit

Risk management references

Risk management: Implementation of baseline controls

This fourth article in the Insider Risk Management Guide examines the implementation of baseline controls.

Read more on IT risk management

Beyond baselines - getting real about security and resilience

An explanation of configuration management

Federal Information Security Modernization Act (FISMA)

How the macOS Security Compliance Project can help IT