Definitions[]
Business[]
Control is
“ | [a]ny action which reduces the probability of a risk occurring or reduces its impact if it does occur.[1] | ” |
Computer security[]
A control is a management, operational, or technical safeguard prescribed for an information system and the security controls in place or planned to implement that safeguard.
A control is a "measure that is modifying risk. Note: controls include any process, policy, device, practice, or other actions which modify risk."[2]
Data security[]
Control is the authority of an organization that maintains information to regulate access to the information. Having control is a condition or state and not an event. Loss of control is also a condition or state which may or may not lead to an event (e.g., a Privacy Incident).
General[]
Control is
“ | [t]he means of managing risk, including policies, procedures, guidelines, practices, or organizational structures, which can be of an administrative, technical, management, or legal nature.[3] | ” |
Controls are "[p]olicies or procedures that are part of a system of internal control."[4]