search

Control Management

hashtag
Overview

The Control Management module is a critical component of the Information Security Essentials product, designed to help organizations implement, track, and assess security controls. Security controls are the specific safeguards or countermeasures that protect the confidentiality, integrity, and availability of your information assets.

This module provides a structured approach to control management, enabling you to:

  1. Define and document security controls based on industry frameworks

  2. Assess control implementation and effectiveness

  3. Link controls to policies, risks, and compliance requirements

  4. Collect and organize evidence of control implementation

  5. Monitor control status and compliance across your organization

hashtag
Key Features

hashtag
Control Framework Support

  • Industry Frameworks - Implement controls based on standard frameworks (ISO 27001, NIST 800-53, CIS Controls, etc.)

  • Custom Frameworks - Create organization-specific control frameworks

  • Framework Mapping - Map controls across multiple frameworks

  • Control Categories - Organize controls by domain, function, or type

  • Control Hierarchy - Establish relationships between high-level and detailed controls

hashtag
Control Assessment

  • Assessment Workflows - Define and execute control assessment processes

  • Assessment Scheduling - Set regular assessment frequencies

  • Assessment Criteria - Establish clear criteria for evaluating controls

  • Scoring Methodology - Rate control implementation and effectiveness

  • Gap Analysis - Identify and address control deficiencies

hashtag
Control Integration

  • Policy Mapping - Link controls to relevant security policies

  • Risk Mapping - Connect controls to specific risks they mitigate

  • Compliance Mapping - Associate controls with regulatory requirements

  • Evidence Linking - Attach documentation proving control implementation

  • Control Dependencies - Identify relationships between controls

hashtag
Control Monitoring

  • Status Tracking - Monitor the implementation status of each control

  • Compliance Dashboards - Visualize control compliance across the organization

  • Remediation Tracking - Manage the resolution of control deficiencies

  • Audit Trail - Maintain a history of control changes and assessments

  • Reporting - Generate comprehensive control status reports

hashtag
Getting Started

hashtag
Accessing the Control Management Module

  1. Log in to your AskInfosec account

  2. Navigate to the main dashboard

  3. Select "Controls" from the main navigation menu

  4. You will be directed to the Control Management dashboard

hashtag
Control Management Dashboard

The Control Management dashboard provides an overview of your organization's security controls, including:

  • Control Status Summary - Visual representation of control implementation status

  • Recent Activity - Latest control changes and assessments

  • Upcoming Assessments - Controls scheduled for review

  • Control Search - Quick access to specific controls

  • Control Categories - Organized view of controls by domain or type

hashtag
Creating a New Control

hashtag
Step 1: Initiate Control Creation

  1. From the Control Management dashboard, click the "New Control" button

  2. Select a control framework or choose to create a custom control

  3. Enter basic control information:

    • Control Name

    • Control ID/Code

    • Description

    • Category

    • Owner/Approver

    • Assigned Team Members

hashtag
Step 2: Define Control Details

  1. Provide detailed information about the control:

    • Control Objective - What the control aims to achieve

    • Control Description - Detailed explanation of the control

    • Implementation Guidance - How the control should be implemented

    • Assessment Criteria - How to evaluate the control's effectiveness

    • Evidence Requirements - What documentation is needed to demonstrate compliance

hashtag
Step 3: Establish Control Relationships

  1. Link the control to relevant elements:

    • Policies - Connect to security policies that mandate the control

    • Risks - Associate with risks the control helps mitigate

    • Compliance Requirements - Map to specific regulatory requirements

    • Related Controls - Identify dependencies or relationships with other controls

hashtag
Step 4: Set Assessment Parameters

  1. Define how the control will be assessed:

    • Assessment Frequency - How often the control should be evaluated

    • Assessment Method - How the assessment will be conducted

    • Assessment Owner - Who is responsible for evaluating the control

    • Evidence Collection - What evidence should be gathered during assessment

hashtag
Step 5: Save and Activate

  1. Save the control definition

  2. Set the initial status (e.g., Planned, In Progress, Implemented)

  3. The control is now active in your control inventory

hashtag
Managing Existing Controls

hashtag
Viewing Control Details

To view a control's details:

  1. Navigate to the Control Management dashboard

  2. Locate the control using search or category filters

  3. Click on the control name to open the control details page

  4. The details page shows:

    • Control definition and requirements

    • Implementation status

    • Assessment history

    • Related elements (policies, risks, etc.)

    • Evidence and documentation

    • Comments and activity log

hashtag
Editing a Control

To edit an existing control:

  1. Open the control details page

  2. Click the "Edit" button

  3. Make your changes to the control definition

  4. Save your changes

  5. The system will track the change history

hashtag
Control Assessment Process

Regular control assessments are essential for maintaining an effective security program:

  1. Navigate to the control details page

  2. Click "Conduct Assessment"

  3. Follow the assessment workflow:

    • Review control requirements

    • Gather and evaluate evidence

    • Determine compliance status

    • Document findings and observations

    • Assign remediation actions if needed

  4. Complete the assessment by providing an overall rating

  5. The assessment results are saved to the control's history

hashtag
Control Remediation

When control deficiencies are identified:

  1. From the assessment results, click "Create Remediation Plan"

  2. Define the remediation actions:

    • Description of required actions

    • Assigned responsibility

    • Due date

    • Priority level

  3. Save the remediation plan

  4. Track progress through the remediation workflow

  5. Once completed, conduct a follow-up assessment to verify effectiveness

hashtag
Control Evidence Management

hashtag
Adding Evidence to Controls

To document control implementation:

  1. Navigate to the control details page

  2. Select the "Evidence" tab

  3. Click "Add Evidence"

  4. Choose the evidence type:

    • Document upload

    • Link to existing document

    • Screenshot

    • Text description

    • External reference

  5. Provide a description explaining how the evidence demonstrates compliance

  6. Upload or link the evidence

  7. Save the evidence record

hashtag
Managing Evidence

To organize and maintain control evidence:

  1. Navigate to the control details page

  2. Select the "Evidence" tab

  3. View all evidence associated with the control

  4. Filter evidence by type, date, or assessment

  5. Update or replace outdated evidence

  6. Remove irrelevant or obsolete evidence

hashtag
Evidence Review

During control assessments, review evidence for:

  1. Relevance - Does the evidence directly relate to the control?

  2. Completeness - Does it fully demonstrate compliance?

  3. Currency - Is the evidence up-to-date?

  4. Authenticity - Is the evidence reliable and trustworthy?

  5. Sufficiency - Is there enough evidence to support compliance?

hashtag
Control Reporting

hashtag
Control Status Reports

Generate reports on control implementation status:

  1. Navigate to the Reports section

  2. Select "Control Status Report"

  3. Choose filtering and grouping options:

    • Framework

    • Category

    • Status

    • Owner

  4. Generate the report

  5. Export to PDF, Excel, or CSV format

hashtag
Compliance Mapping Reports

Create reports showing control coverage of compliance requirements:

  1. Navigate to the Reports section

  2. Select "Compliance Mapping Report"

  3. Choose the compliance framework

  4. Generate the report

  5. Identify gaps in control coverage

hashtag
Assessment Reports

Document control assessment results:

  1. Navigate to the Reports section

  2. Select "Control Assessment Report"

  3. Choose the assessment period and scope

  4. Generate the report

  5. Use for audit evidence and program improvement

hashtag
Control Frameworks

hashtag
Supported Frameworks

The Control Management module supports several industry-standard frameworks:

  1. ISO 27001/27002 - International standard for information security management

  2. NIST 800-53 - Security controls for federal information systems

  3. CIS Controls - Top 20 critical security controls

  4. SOC 2 - Trust Services Criteria for service organizations

  5. PCI DSS - Payment Card Industry Data Security Standard

  6. HIPAA - Health Insurance Portability and Accountability Act

  7. Custom Frameworks - Organization-specific control sets

hashtag
Framework Mapping

To map controls across multiple frameworks:

  1. Navigate to the Framework Mapping section

  2. Select the source and target frameworks

  3. Create mappings between equivalent controls

  4. Use these mappings to demonstrate compliance across multiple standards

hashtag
Best Practices

hashtag
Control Definition

  • Be specific - Clearly define what the control requires

  • Set measurable criteria - Establish objective ways to assess compliance

  • Consider context - Adapt controls to your organization's environment

  • Document exceptions - Note any situations where the control doesn't apply

  • Review regularly - Update control definitions as requirements change

hashtag
Control Assessment

  • Use consistent methodology - Apply the same assessment approach across controls

  • Gather objective evidence - Rely on documentation rather than verbal assertions

  • Involve subject matter experts - Include technical specialists in assessments

  • Document thoroughly - Record assessment methods, findings, and conclusions

  • Follow up on deficiencies - Ensure remediation actions are completed

hashtag
Control Management

  • Assign clear ownership - Ensure each control has a designated owner

  • Establish review cycles - Regularly reassess all controls

  • Maintain evidence - Keep documentation current and accessible

  • Track changes - Document modifications to control implementations

  • Align with policies - Ensure controls support policy requirements

hashtag
Troubleshooting

hashtag
Common Issues

  • Control overlap - Identify and manage redundant controls

  • Incomplete evidence - Address gaps in control documentation

  • Assessment inconsistency - Standardize assessment approaches

  • Remediation delays - Track and escalate overdue remediation actions

  • Framework conflicts - Resolve differences between control requirements

hashtag
Getting Support

If you encounter issues with the Control Management module:

  1. Check the in-app help documentation

  2. Contact your organization's system administrator

  3. Submit a support ticket through the AskInfosec support portal

hashtag
Conclusion

Effective control management is essential for implementing and maintaining a strong security posture. The Control Management module provides the tools and structure needed to define, assess, and monitor security controls across your organization.

By following the processes outlined in this guide, you can establish a robust control framework that protects your information assets, meets regulatory requirements, and demonstrates your commitment to security best practices.

PreviousInformation Security EssentialsNextDocument Management

Last updated