5.1 Security Controls

Question 1

What are Managerial controls?

Answer 1

Security policies, standard operating procedures.

These address security design and implementation

Question 2

What are operational controls?

Answer 2

Security guards, awareness programs.

Controls implemented by people.

Question 3

What are technical controls?

Answer 3

Firewalls, anti-virus, etc.

Controls using systems.

Question 4

What are preventive controls?

Answer 4

Physically control access
Door lock
Security guard
Firewall

Question 5

What are detective controls?

Answer 5

They may not prevent access, just detect it.
Identifies and records intrusion attempts.
Motion detector, IDS

Question 6

What are corrective controls?

Answer 6

These are designed to mitigate damage.
IPS can block attacker
Backups can mitigate a ransomware infection
Backup site can provide options during weather storm

Question 7

What are deterrent controls?

Answer 7

May not directly prevent access.
Discourages intrusion attempt.
Warning sign, login banner, lights.

Question 8

What are compensating controls?

Answer 8

Doesn’t prevent attack. Restores by other means.
Re-image or restore from backup.
Hot site
Backup power system

Question 9

What are physical controls?

Answer 9

Fence, door lock, real-world security

Question 10

Note:

Answer 10

Some controls technologies fall under multiple categories