7. Controls and Risks

Controls and Risk Reduction

A control is used to reduce risk to a level that is acceptable to a person or organization based on their risk tolerance.

Different types of controls work together to lower risk rather than remove it completely.

Administrative Controls

Administrative controls are rules, policies, laws, or procedures that require certain protective actions.

Physical Controls

Physical controls are actual protective measures that directly reduce harm or prevent an incident.

Main Idea

Controls are applied to bring risk down to an acceptable level, not to eliminate all risk.