5.1 Types of Controls Flashcards

1
Q

A safeguard or countermeasure prescribed for an information system or an organization designed to protect the confidentiality, integrity, and availability of its information and to meet a set of defined security requirements.
• Security risks are out there
– Many different types to consider
• Assets are also varied
– Data, physical property, computer systems
• Prevent security events, minimize the impact, and limit the damage
– Security controls

A

Security controls

2
Q

Control category -

• Security controls that refer to policies, procedures, or guidelines that define personnel or business practices in accordance with the organization’s security goals.
– Controls that address security design and implementation
– Security policies, standard operating procedures

A

Managerial controls

3
Q

Control category -
- The security controls that are primarily implemented and executed by people (as opposed to systems).
– Controls that are implemented by people
– Security guards, awareness programs

A

Operational controls

4
Q
Control category -
- Also known as logical controls, these use technology to reduce vulnerabilities in hardware and software. Automated software tools are installed and configured to protect these assets.
– Controls implemented using systems
– Operating system controls
– Firewalls, anti-virus

Examples of technical controls include:

• Encryption
• Antivirus and anti-malware software
• Firewalls
• Security Information and Event Management (SIEM)
• Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS)

A

Technical controls

5
Q
Control type -
- controls that are designed to be implemented prior to a threat event and reduce and/or avoid the likelihood and potential impact of a successful threat event. Examples include policies, standards, processes, procedures, encryption, firewalls, and physical barriers.
– Physically control access
– Door lock
– Security guard
– Firewall
A

Preventive

6
Q

Control type -
– controls that provide visibility into malicious activity, breaches and attacks on an organization’s IT environment.
– controls that are designed to detect errors or irregularities that may have occurred. These controls include logging of events and the associated monitoring and alerting that facilitate effective IT management.
– May not prevent access
– Identifies and records any intrusion attempt
– Motion detector, IDS/IPS

A

Detective

7
Q

Control type -
– Controls designed to correct errors or irregularities that have been detected; they include technical, physical, and administrative measures implemented to restore systems or resources to their previous state after a security incident or unauthorized activity.
– Designed to mitigate damage
– IPS can block an attacker
– Backups can mitigate a ransomware infection
– A backup site can provide options when a storm hits

A

Corrective

8
Q

Control type -

• Controls that attempt to discourage individuals from causing an incident.
• They reduce the likelihood of a deliberate attack and usually take the form of a tangible object or person. Examples of deterrent controls include cable locks, hardware locks, video surveillance, and guards.

– May not directly prevent access
– Discourages an intrusion attempt
– Warning signs, login banner

A

Deterrent

9
Q

Control type -

• Also called an alternative control: a management, operational, and/or technical control (i.e., safeguard or countermeasure) employed by an organization in lieu of a recommended security control in the low, moderate, or high baselines that provides equivalent or comparable protection for an information system.
• This control should meet the following criteria:
  – Meet the intent of the original control requirement
  – Provide a similar level of assurance
– Doesn’t prevent an attack
– Restores using other means
– Re-image or restore from backup
– Hot site
– Backup power system
A

Compensating

10
Q

Control type -
– The implementation of security measures in a defined structure used to deter or prevent unauthorized access to sensitive material. Examples of these controls are closed-circuit surveillance cameras, motion or thermal alarm systems, and security guards.
– Fences, locks, mantraps
– Real-world security

A

Physical
