CISM - Information Security Program - Section 3.6

Design and select information security controls appropriate to identified risks and business requirements.

Design and select information security controls by matching preventive controls (which stop an event from occurring), detective controls (which identify an event when or after it occurs), and corrective controls (which restore the environment after an event) to the specific risks and business requirements each addresses. Weigh cost, feasibility, and the residual risk that remains after the control is applied to justify each selection decision, so that control cost stays proportionate to the risk reduction achieved and low-risk areas are not over-controlled.

Tags: Control design, Preventive controls, Detective controls, Control selection


Examworthy is not affiliated with or endorsed by ISACA. Original, blueprint-aligned practice material only.