The IT Law Wiki

== Definitions ==

A '''security control assessor'''

{{Quote|[is] [t]he individual, group, or organization responsible for conducting a [[security control assessment]].<ref>[[NIST Special Publication 800-53A]].</ref>}}

{{Quote|[c]onducts a comprehensive [[assessment]] of the management, operational, and technical [[security controls]] employed within or inherited by an [[information system]] to determine the overall [[effectiveness]] of the [[security controls|controls]].<ref>[[Cybersecurity Human Capital: Initiatives Need Better Planning and Coordination]], at 41.</ref>}}
 
{{Quote|[is] an individual, group, or organization responsible for conducting a comprehensive assessment of the management, [[Operational security|operational]], and technical [[security controls]] employed within or inherited by an [[IT]] and [[ICS]] to determine the overall effectiveness of the controls (i.e., the extent to which the controls are [[implement]]ed correctly, operating as intended, and producing the desired outcome with respect to meeting the [[security]] requirements for the [[system]]). Security control assessors also provide an assessment of the severity of weaknesses or deficiencies discovered in the [[IT]] and [[ICS]] and their [[environments of operation]] and recommend corrective actions to address identified [[vulnerabilities]]. In addition to the above responsibilities, security control assessors prepare the final [[security assessment]] report containing the results and findings from the assessment. Prior to initiating the [[security control assessment]], an assessor conducts an assessment of the [[security plan]] to help ensure that the plan provides a set of [[security controls]] for the [[IT]] and [[ICS]] that meet the stated [[security]] requirements.<ref>[[Electricity Subsector Cybersecurity Risk Management Process]], App. F, at 74.</ref>}}
 
== References ==
 