Control effectiveness
Definition
The degree to which a security control achieves its intended objective under real operating conditions. Measured through a combination of design review (is the control built correctly?) and operating effectiveness testing (is the control functioning correctly over time?). Continuous monitoring provides evidence for operating effectiveness.
Related terms
- Compliance dashboard
- An automated reporting surface that aggregates metric and control-status data and presents it in a format aligned to one or more regulatory...
- Continuous monitoring
- An automated control framework that applies fraud indicator tests to transactions as they are processed or on a frequent scheduled basis, generating...
- Key Performance Indicator (KPI)
- A metric that measures how well a specific control or process is performing against a defined target. KPIs are often lagging indicators:...
- Key Risk Indicator (KRI)
- A metric that measures the level or trend of a specific risk exposure. KRIs are often leading indicators: they change before a...
- SIEM (Security Information and Event Management)
- A platform that aggregates log and event data from systems, networks, and applications across an environment, correlates events against detection rules, generates...
Explained in
- Security Metrics and Continuous MonitoringThe degree to which a security control achieves its intended objective under real operating conditions. Measured through a combination of design review (is the...