5.1 Governance - Controls

Question 1

Define managerial security controls (2)

Answer 1

1. Defining policies and procedures that the organization is expected to follow
2. Standard Operating Procedures

Question 2

Define operational security controls (2)

Answer 2

1. Controls that are managed by people
2. Security guards, awareness program about phishing

Question 3

Define technical security controls (2)

Answer 3

1. Systems-based controls
2. Anti-virus, firewalls

Question 4

Define preventative control type (2)

Answer 4

1. Something that prevents access
2. Locks on a door, firewall

Question 5

Define detective control type (2)

Answer 5

1. Identifies or records that a security event has occurred
2. Motion detectors, IDS

Question 6

Define corrective control type (2)

Answer 6

1. Control that mitigates damage by a security event
2. IPS, restoring data from backup

Question 7

Define deterrent control type (2)

Answer 7

1. Control that doesn’t prevent, but may deter a security event
2. Warning signs, login banner, lights

Question 8

Define compensating control type (2)

Answer 8

1. A control that recovers from an event by compensating for losses
2. Backup power or generators, purchasing a new laptop and restoring it from backup

Question 9

Define physical control type (2)

Answer 9

1. Something that physically provides security
2. Door locks, fence