From the course: ISC2 Certified Secure Software Lifecycle Professional (CSSLP) (2023) Cert Prep

Identifying and prioritizing controls

- [Instructor] Once you select a unique functional architecture for your application, you'll need to select and prioritize the right controls for that architecture. Before you can implement any of these controls, though, you first need to figure out which ones are the most appropriate for your application. The process of control identification is as important as it is tricky. Based on the results of your attack surface evaluation and threat modeling efforts, you may have already identified controls that would effectively address all the threats in your list. That doesn't mean that you can afford all those controls, though. Controls can be costly to implement and costly to maintain in terms of both money and time. Your job is to figure out the right controls for your application based on the resources you have at your disposal. All of this activity is designed to reduce risk. Speaking of risk, let's revisit the simple formula you can use to help prioritize both your risks and your…
