...
- Activities: running a data centre, operating a network, administering a server
- Risks: fire, theft, hacking, malware
- Business units: financial, human resources, operations
It is helpful to get input from a wide variety of sources within your organisation who can present different perspectives and expertise on the choice and implementation of controls.
Effectiveness
Your selection of controls must be practical for your organisation and staff to implement and understand, otherwise they will not be effective. You should think about how you will monitor and measure the controls as set out in section 9 of the standard.
...