The present invention is related to security risk environments, and more specifically to control framework generation for improving a security risk of an environment.
Currently, with security becoming a major issue in all aspects of life, data security within companies and other enterprises is also becoming more and more important. Some environments may contain data that exist in a secure environment, but then the environment may allow for the data to become non-secure by data movement or reproduction by an individual. Companies and other entities are searching for better ways to protect their employees, customers, and shareholders information, and other information that may exist in an un-secure environment. Further, there is potential risk to a company when confidential information is moved to an un-secure environment where appropriate controls are not in place to safeguard the information in the event of loss or theft. Companies have a strong interest in preventing confidential information from leaking outside of the company without knowing where the leak came from. Access to confidential information by an unauthorized person or party may trigger a privacy event which may negatively impact the company in many different ways, e.g., regulatory compliance, identity theft, etc.