Control Methods

As we defined it in Topic 1, a control is a way to counter or address threats.

An organization can take the following courses of action as a means of controlling threats:

  1. Fully block an attack by removing an underlying vulnerability.
  2. Make the attack more difficult to carry out (e.g., to gain more time and reduce damage).
  3. Make the target computer system less attractive to hackers, for example by removing confidential information from it or by encrypting the data with a difficult-to-break key.
  4. Plan ahead which countermeasures to use to make an attack less severe if it happens.
  5. Train information security specialists to detect attacks that are in progress and take countermeasures.
  6. Have a plan to recover from an attack, should one happen, with as little damage as possible.