5.1 Security Controls Flashcards
What are Managerial controls?
Security policies, standard operating procedures.
These address security design and implementation
What are operational controls?
Security guards, awareness programs.
Controls implemented by people.
What are technical controls?
Firewalls, anti-virus, etc.
Controls using systems.
What are preventive controls?
Physically control access
Door lock
Security guard
Firewall
What are detective controls?
They may not prevent access, just detect it.
Identifies and records intrusion attempts.
Motion detector, IDS
What are corrective controls?
These are designed to mitigate damage.
IPS can block attacker
Backups can mitigate a ransomware infection
Backup site can provide options during weather storm
What are deterrent controls?
May not directly prevent access.
Discourages intrusion attempt.
Warning sign, login banner, lights.
What are compensating controls?
Doesn’t prevent attack. Restores by other means.
Re-image or restore from backup.
Hot site
Backup power system
What are physical controls?
Fence, door lock, real-world security
Note:
Some controls technologies fall under multiple categories
