The security controls (i.e., safeguards or countermeasures) for an information system that focus on the management of risk and the management of information systems security.
SOURCE: CNSSI-4009