IT security – a breath of fresh air
Hackers are creative and always find new ways to penetrate companies. To stay one step ahead of attackers, new ideas are always needed.

KALWEIT ITS – We bring a breath of fresh air.

The Overlooked Danger: Selection of Security Controls

There are so many fast routes to establishing security management and controls that the risks of simply going by the book are easily overlooked. It is easy to apply frameworks, standards such as ISO 27001, or other regulatory requirements and never get into the habit of continuous improvement. For this very reason, this article explores the process of selecting security controls, the industry best practices, and some experiences gathered along the way.

To lay out a plan for arriving at a strong set of security controls, we have written a whitepaper on this topic that explains the process of selecting security controls in detail, based on the internationally used NIST Risk Management Framework and Special Publication 800-53. The paper covers all steps necessary to complete a list of selected controls, along with examples, industry experience, and widespread misconceptions, so that you can implement this process optimally within your risk or information security processes; it also contains a full example of what the result of this process looks like. You can find the whitepaper at the following link:

Whitepaper Overlooked Danger – Selection of Security Controls

The summary

The process of selecting security controls is widely known but often overlooked, or scheduled for after the first results are in. Improvement can happen even before compliance is reached, so the selection process should start right at the beginning of setting up an ISMS. The selection of security controls consists of three steps: selecting a minimum baseline, identifying common controls, and selecting hybrid and system-specific controls. Each step should be taken carefully to make the security program as effective as possible. Following the process described in the NIST Risk Management Framework, the result should be documented in a security plan, but any other document would also suffice. An example of such a document can be found at the end of the whitepaper.