1.1 Security Control Categories and types

Question 1

Preventative controls

Answer 1

Technical- firewall
Managerial- on-boarding policy
Operational- guard shack
Physical- Door lock

Preventative controls are measures and strategies implemented to reduce the likelihood of security incidents or breaches occurring within an organization. These controls are designed to proactively mitigate risks before they can be realized, thereby protecting an organization’s assets, data, and operations. Preventative controls can be categorized into several types, including administrative, technical, and physical controls. Below are some common examples and best practices associated with preventative controls:

1. Administrative Controls:
   
   • Policies and Procedures: Establish clear security policies and procedures that outline acceptable use, data protection, incident response, and compliance requirements.
   • Training and Awareness: Conduct regular training sessions and awareness programs for employees to educate them about security risks, best practices, and their roles in maintaining security.
   • Access Control Policies: Implement role-based access control (RBAC) to ensure that employees have access only to the information and resources necessary for their job functions.
2. Technical Controls:
   
   • Firewalls: Deploy firewalls to monitor and control incoming and outgoing network traffic based on predetermined security rules. This helps to block unauthorized access.
   • Intrusion Detection and Prevention Systems (IDPS): Use IDPS to monitor network traffic for suspicious activities and take action to block or mitigate detected threats.
   • Antivirus and Anti-malware Software: Install and regularly update antivirus software to detect and remove malicious software before it can cause harm.
   • Encryption: Use encryption to protect sensitive data in transit (e.g., TLS for network communications) and at rest (e.g., encrypting files and databases) to prevent unauthorized access.
   • Patch Management: Regularly update and patch software, operating systems, and applications to fix vulnerabilities and protect against exploitation.
3. Physical Controls:
   
   • Access Control Systems: Implement physical access controls, such as keycards, biometric scanners, or security personnel, to restrict access to sensitive areas and equipment.
   • Surveillance Cameras: Use video surveillance to monitor sensitive areas and deter unauthorized access.
   • Environmental Controls: Implement physical measures to protect equipment and data from environmental hazards, such as fire suppression systems, climate control, and flood prevention.

1. Risk Assessment:
   
   • Conduct regular risk assessments to identify and evaluate potential security threats and vulnerabilities. This helps prioritize the implementation of preventative controls based on identified risks.
2. Layered Security Approach:
   
   • Employ a defense-in-depth strategy that uses multiple layers of security controls to protect against various threats. This may include a combination of technical, administrative, and physical controls.
3. Regular Audits and Reviews:
   
   • Perform regular audits and reviews of security policies, procedures, and controls to ensure they are effective and aligned with organizational goals and regulatory requirements.
4. Incident Response Planning:
   
   • Develop and maintain an incident response plan that outlines the steps to take in the event of a security incident. Regularly test and update the plan to ensure its effectiveness.
5. Security by Design:
   
   • Integrate security considerations into the design and development of systems and applications from the outset, ensuring that security is built into processes and technologies.
6. User Access Management:
   
   • Implement strong user access management practices, including enforcing password policies, using multi-factor authentication (MFA), and regularly reviewing user access rights.
7. Data Classification and Handling:
   
   • Classify data based on its sensitivity and implement appropriate handling and protection measures for each classification level.
8. Third-Party Risk Management:
   
   • Evaluate and manage risks associated with third-party vendors and partners, ensuring they adhere to your security standards.

Preventative controls are essential components of an effective cybersecurity strategy. By proactively identifying and mitigating risks through a combination of administrative, technical, and physical controls, organizations can significantly reduce the likelihood of security incidents and protect their valuable assets. Implementing best practices, conducting regular assessments, and fostering a culture of security awareness are critical to maintaining a robust preventive security posture.

Question 2

Deterrent controls

Answer 2

Technical- Splash screens
Managerial- Demotion
Operational- reception desk
Physical- warning signs

Question 3

Detective controls

Answer 3

Technical- system logs
Managerial- review login reports
Operational- property patrols
Physical- motion detectors

Question 4

Corrective controls

Answer 4

Technical- backup recovery
Managerial- policies for reporting issues
Operational- contact authorities
Physical- fire extinguisher

Question 5

Compensating controls

Answer 5

Technical- block w/ firewall not patch
Managerial- separation of duties
Operational- multiple security staff
Physical- power generator

Question 6

Directive controls

Answer 6

Technical- file storage policies
Managerial- compliance policies
Operational- security policy training
Physical- sign: authorized personnel only