1.1 Flashcards
Security controls
4 control CATEGORIES
Technical controls
Managerial controls
Operational controls
Physical controls
A control category that is implemented using systems, including OSs
Technical controls
A security control category that is administrative and associated with security design and implementation
Security policies, standard operating procedures
Managerial controls
A security control category implemented by people instead of systems
Security guards, awareness programs
Operational controls
The control category that limits physical access
Guard shacks, fences, locks, badge readers
Physical controls
6 control TYPES
Preventive
Deterrent
Detective
Corrective
Compensating
Directive
A type of security control that blocks access to a resource
Preventive
A control type that discourages an intrusion attempt, but does NOT directly prevent access
Deterrent
A control type that identifies and logs intrusion attempts, and may or may not prevent access
Detective
A security control type that applies after an event has been detected to reverse the impact of the event
Keeps the system operating with minimal downtime
Corrective
A control type that is put in place when existing controls are not sufficient. It is a method of control using other means.
May be temporary
Compensating
A security control type that directs a subject toward security compliance: “Do this, please”
A relatively weak security control
Directive