Access Control Flashcards
Access Control categories
Administrative (Directive)
Technical
Physical
Administrative control
Organizational policies and procedures (Based on organizational policies)
Regulation
Training and awareness
Includes how to hire and fire people
Technical Controls
Logical controls
Hardware/software/firmware - firewall, router, encryption
Physical Controls
Locks, fences, guards, dogs, gates, bollards, fence, posts with guards, doors with card swipe
Access Control Types
Preventative
Detective
Corrective
Recovery
Deterrent
Compensating
many can be multiple types
Preventative
Prevent action from happening
Examples least privileged, drug test, IPS, firewall, encryption
Detective
Control that detect during or after an attack
Examples IDS, CCTV, alarms, antivirus
Corrective
Control that correct an attack
Examples antivirus, patches, IPS
Recovery
Control that helps us recover after an attack
Disaster recovery environment, backups, high availability environments
Deterrent
Controls that deter an attack
Examples fences, security guards, dogs, lights, beware of dogs sign
Compensating
Controls that compensate other controls that are impossible or too costly to implement