Implement controls

Once the controls required by the risk assessment and management process have been agreed and documented in the SoA they must be implemented. The degree of implementation of a given control must match the risk management requirements defined by the organisation. Controls implemented should be effective, efficient, should not create additional levels of bureaucracy, reduce the effectiveness of the user or stifle creativeness.

All controls must be effectively implemented and monitored to ensure that they remain effective.

An Introduction To Information, Network and Internet Security
Implement controls Once the controls required by the risk assessment and management process have been agreed and documented in the SoA they must be implemented. The degree of implementation of a given control must match the risk management requirements defined by the organisation. Controls implemented should be effective, efficient, should not create additional levels of bureaucracy, reduce the effectiveness of the user or stifle creativeness. All controls must be effectively implemented and monitored to ensure that they remain effective.	The Security Practitioner An Introduction to Information Security
Return To An Introduction to Information Security