1. Security Controls and Security Intelligence Flashcards
Security Operations Center
A location where security professionals monitor and protect critical information assets in an organization
Security Control
Something designed to give a particular asset or information system the properties of confidentiality, integrity, availability, and nonrepudiation
Security control categories:
Technical
Operational
Managerial
Physical
Deterrent
Compensating
Technical control
Implemented as a system (hardware, software, or firmware)
* Firewalls
* Anti-virus software
* OS access control models
Operational control
Implemented primarily by people rather than systems
* Security guards
* Training programs
Managerial control
Gives oversight of the information system
* Risk identification
* A tool allowing the evaluation and selection of other security controls
Physical control
Deters and detects access to premises and hardware
* Alarms
* Gateways
* Locks
* Lighting
* Security cameras
* Guards
Deterrent control
Psychologically discourages an attacker from attempting an intrusion
* Signs
* Warnings of legal penalties
Compensating control
A substitute for a principal control that affords the same or better protection
Security control goals/functions:
Preventative
Detective
Corrective
Preventative control
Acts to eliminate or reduce the likelihood that an attack can succeed.
Operates before an attack can take place.
Detective control
May not prevent or deter access, but it will identify and record any attempted or successful intrusion
Operates during the progress of an attack
Corrective control
Acts to eliminate or reduce the impact of an intrusion event
Used after an attack
How do you determine the efficiency of a control?
A measure of how long it can delay an attack
Security intelligence
The process through which data generated in the ongoing use of information systems is collected, processed, integrated, evaluated, analyzed, and interpreted to provide insights into the security status of those systems