1.1 : Security Controls Flashcards
Compare and contrast various types of security controls
Categories of Security Controls
According mechanism of action; how they are applied/enacted
Technical, Managerial, Operational, Physical
Types of Security Controls
Preventive, Deterrent, Detective, Corrective, Compensating, Directive
Technical Controls
Utilize technology to protect assets. Examples: firewalls, antivirus software, encryption.
Managerial Controls
Focused on the mechanics of the entire top-down risk-management process. Examples: security policies, risk assessments, compliance audits. Overall risk management, incorporating change management, project management, and service acquisition.
Operational Controls
Regular procedures and actions by personnel. Managerial controls put into regular practice. People doing stuff. Examples: security training, regular backups, daily log checking.
Physical Controls
Safeguard the physical infrastructure. Examples: locks, security cameras, fences.
Preventive Controls
Aim to prevent security incidents from occurring in the first place. Examples: firewall configurations, secure passwords, multi-factor authentication.
Deterrent Controls
Discourage potential attackers through visible measures. Examples: warning signs, security cameras, alarm systems.
Detective Controls
Identify and log security incidents. Examples: intrusion detection systems, log monitoring, security audits.
Corrective Controls
Address issues after a security incident. Examples: patching vulnerabilities, restoring data from backups, reconfiguring firewalls.
Compensating Controls
Alternative modes of protection when standard measures aren’t feasible. Examples: using a proxy server instead of direct internet access, implementing additional monitoring, using isolation techniques.
Directive Controls
Mandate or enforce security policies that members of the organization must follow. Examples: mandatory security training, standard operating procedures, formal security guidelines.
