From the course: IT and Cybersecurity Risk Management Essential Training
Join today to access over 24,000 courses taught by industry experts.
Validating controls
From the course: IT and Cybersecurity Risk Management Essential Training
Validating controls
- [Instructor] How can you know if a control is working correctly? Well, an audit or an assessment can tell you. So let's see how you can design a good minimum viable verification. By the way, it's called an audit if the control is evaluated by an outside organization, such as an external auditor. But it's called an assessment if the control is being evaluated under the direct supervision of the management team. Now this distinction is important because the word audit has adversarial connotations and it causes control operators to provide minimum cooperation. Now, let's get back to the control that we looked at a few lessons ago. It was in NIST Special Publication 800-53, Revision 5, it was located on page 174, and it's called MP-6: Media Sanitization. The best way to validate this control is to first look up the procedure in NIST Special Publication 800-53A, which is a guide for assessing the security controls.…
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.