Abstract
Scope, simply, is what you care about protecting based on what your compliance and risk analysis uncovers. The assets, processes, and personnel in the scope are where you focus your controls to reduce risk. Since it isn’t always feasible to defend all your assets from all the threats, scope answers the question about what must be protected. The following are some examples of scoped assets.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
PCI DSS v3.2 Template for Report on Compliance,” Section 3, Description of Scope of Work and Approach Taken,
https://www.pcisecuritystandards.org/documents/PCI-DSS-v3_2-ROC-Reporting-Template.pdf
- 2.
HIPAA Privacy Rule definition of protected health information.
- 3.
- 4.
Author information
Authors and Affiliations
Rights and permissions
Copyright information
© 2016 Raymond Pompon
About this chapter
Cite this chapter
Pompon, R. (2016). Scope. In: IT Security Risk Control Management. Apress, Berkeley, CA. https://doi.org/10.1007/978-1-4842-2140-2_6
Download citation
DOI: https://doi.org/10.1007/978-1-4842-2140-2_6
Published:
Publisher Name: Apress, Berkeley, CA
Print ISBN: 978-1-4842-2139-6
Online ISBN: 978-1-4842-2140-2
eBook Packages: Professional and Applied ComputingProfessional and Applied Computing (R0)Apress Access Books