1.2 Security Controls

Question 1

What are managerial controls?

Answer 1

Consist of managerial techniques and administrative procedures (e.g. security policies, hiring policies, disaster recovery plans, and business continuity plans)

Question 2

What are operational controls?

Answer 2

Controls that the team performs everyday (e.g. reviewing network monitoring data, ensuring that security cameras are working, requiring users to sign in)

Question 3

What are technical controls?

Answer 3

Based around software, applications, and security appliances (e.g. intrusion detection system, intrusion prevention system, access control apps, adaptive security appliances)

Question 4

What are some preventative controls?

Answer 4

Adaptive security appliances (consist of firewall and router combination that is capable of hosting IDS and IPS), simple updated antivirus, office access control

Question 5

What are some detective controls?

Answer 5

They inform the security team of an event that’s occurring or provide them with logs and artifacts to help investigate the event further (e.g. networking monitoring applications, log collectors, real-time monitoring alerts, IDSs)

Question 6

What are some corrective controls?

Answer 6

They attempt to fix any damage caused by an event (e.g. IPS, endpoint detection)

Question 7

What are some deterrent controls?

Answer 7

Access-protected doors, security cameras, security guards

Question 8

What are some physical deterrents?

Answer 8

Locked doors, motion sensors, fences