2 Fundamentals of Security: Objective 1.1 and 1.2 Flashcards
Compare and contrast various types of security controls
Technical Controls:
Preventive: Technical controls that aim to prevent security incidents or breaches from occurring. Examples include firewalls, antivirus software, and encryption.
Detective: Technical controls designed to identify and alert on security incidents or unauthorized activities. Examples include intrusion detection systems (IDS) and security information and event management (SIEM) systems.
Managerial Controls:
Directive: Managerial controls that provide guidance and establish policies, procedures, and standards to direct and support security efforts within an organization. Examples include security policies, standards, and guidelines.
Operational Controls:
Preventive: Operational controls that focus on processes and activities to prevent security incidents. Examples include security awareness training, access controls, and regular security assessments.
Deterrent: Operational controls that discourage potential attackers or unauthorized individuals from attempting security violations. Examples include security signage, visible security measures, and security patrols.
Detective: Operational controls that identify and respond to security incidents after they have occurred. Examples include monitoring, incident response plans, and security audits.
Physical Controls:
Preventive: Physical controls that restrict access and protect assets to prevent unauthorized physical access. Examples include access control systems, biometric scanners, and locked doors.
Detective: Physical controls that identify and respond to physical security incidents. Examples include surveillance cameras, motion detectors, and security guards.
