Control Methods
As we defined it in Topic 1, a control is a way to counter or address threats.
An organization can take the following courses of action as a means of controlling threats:
- Fully block an attack by removing an underlying vulnerability.
- Make the attack more difficult to carry out (e.g., to gain more time and reduce damage).
- Make the target computer system less attractive to hackers, such as by removing confidential information from it or encrypting the data using a difficult-to-break key.
- Plan ahead which countermeasures to use to make an attack less severe if it happens.
- Train information security specialists to detect attacks that are in progress and take countermeasures.
- Have a plan to recover from an attack, should one happen, with as little damage as possible.