1.1 Security Controls

Question 1

What are the four main types of security controls in cybersecurity?

Answer 1

1. Technical
2. Managerial
3. Operational
4. Physical

Question 2

Technical Control

Answer 2

Implemented through technology-based security measures.

Question 3

Managerial Control

Answer 3

Implemented through policies, procedures, and governance to manage security risks.

Question 4

Operational Control

Answer 4

Implemented through human-driven processes for secure operations.

Question 5

Physical Control

Answer 5

Implemented to protect physical access to systems and infrastructure.

Question 6

What are the 6 security control functions?

Answer 6

1. Preventive
2. Deterrent
3. Detective
4. Corrective
5. Compensating
6. Directive

Question 6

Preventive

Answer 6

Stops security incidents before they happen (e.g., firewalls, encryption, MFA).

Question 7

Deterrent

Answer 7

Discourages threats by making attacks less appealing (e.g., security cameras, warning signs, fences, guard dogs).

Question 8

Detective

Answer 8

Identifies and alerts about security events (e.g., IDS, security logs)

Question 9

Corrective

Answer 9

Fixes issues after an incident occurs (e.g., backups, patching).

Question 10

Compensating

Answer 10

Provides alternative protection when a primary control isn’t available (e.g., extra monitoring when MFA isn’t possible).

Question 11

Directive

Answer 11

Enforces security policies and guidelines (e.g., security policies, procedures, banners).