From the course: IT and Cybersecurity Risk Management Essential Training
Join today to access over 23,400 courses taught by industry experts.
Operating controls
From the course: IT and Cybersecurity Risk Management Essential Training
Operating controls
- [Instructor] Controls that are not well operated might be abandoned or simply won't reduce IT risk as much as needed. And when a control fails, you end up worse off than when you started treating the risk. Not only do you have all the risk that exceeded your tolerance before you attempted to reduce it to an acceptable level, but now you have a false sense of security because your reality is much worse than you think it is. Before risk treatment, you have the risk in your register and you knew something needed to be done. Now, after the control is failed, it's just as bad as ever and it's also completely off your radar. Here's an example of what I'm talking about. There was a HIPAA covered entity that suffered a big electronic health record data breach. As they investigated, they discovered that a temporary control had silently failed. The control was temporary because the system it was protecting was also meant to…
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.