UnixTime

Research Note

Template - Control Attribute Review

Use this when reviewing whether a selected control matches the intended risk treatment effect.

On this page

When to use this

Practical use

Use this as a working artifact. Fill it with real owners, dates, decisions, evidence locations, and review status.

Use this when reviewing whether a selected control matches the intended risk treatment effect.

Field Entry
Control ID / Name
Related ISO/IEC 27002 control
Related risk
Risk treatment objective Reduce likelihood / reduce impact / improve detection / improve recovery / meet compliance need
Control type Preventive / detective / corrective
Security property Confidentiality / integrity / availability
Cybersecurity concept Identify / protect / detect / respond / recover
Operational capability Governance / asset management / access control / supplier security / event management / continuity / etc.
Current implementation status Not implemented / partially implemented / implemented / optimized
Evidence available Policy, procedure, logs, screenshots, tickets, review records, reports
Is the control suitable for the risk? Yes / no / partially
Is there over-protection? Yes / no
Is there under-protection? Yes / no
Action required Keep / improve / replace / remove / consolidate
Owner
Review date
  • Template
  • Control attributes
  • Iso27002

Note Metadata

Aliases: Control Attribute Review

Source: 90 Templates/Control Attribute Review.md