Chapter 1 - Compare and contrast various types of security controls

Question 1

What are the main control categories?

Answer 1

technical, managerial, operational, and physical

Question 2

What are technical controls?

Answer 2

Technology-based measures such as firewalls and encryption

Question 3

Where do technical controls play a crucial role?

Answer 3

Within an organisation’s technical systems, including computer networks software, and data management

Question 4

What is the primary focus of technical controls?

Answer 4

Upholding system integrity, mitigating the risk of unauthorised access, and protecting sensitive data from potential threats

Question 5

List two types of technical controls

Answer 5

Firewalls and data encryption

Question 6

What do firewalls do?

Answer 6

Used to protect computer networks from unauthorised access. They monitor incoming and outgoijng network traffice, filter and block ptoential threats, and reduce the risk of unauthorised intrusion

Question 7

What is data encryption?

Answer 7

It is a technical control that converts sensitive information into a coded form, making it unreadable to unauthorised individuals

Question 8

What do managerial controls encompass?

Answer 8

Implementation of policies, procedures, and practices by management to guide and direct the activities of individuals and teams. Through effective planning, organising, and performance monitoring, managerial controls ensure that employees are aligned with the organisation’s goals

Question 9

List three types of managerial controls

Answer 9

Performance reviews, risk assessments, and code of conduct

Question 10

What is a performance review?

Answer 10

Performance reviews are a managerial control that involves regular assessments of employee performance

Question 11

What is a risk assessment?

Answer 11

Risk assessments are a managerial control that involves the systematic identification, evaluation, and mitigation of potential risks within an organisation

Question 12

What is a code of conduct?

Answer 12

A code of conduct is a set of guidelines and ethical standards established by management to govern employee behavior

Question 13

What are operational controls?

Answer 13

Operational controls revolve around the execution of day-to-day activities and processes necessary for delivering goods and services. They involve managing operational procedures, ensuring adherence to quality standards, enhancing productivity, and optimising efficiency

Question 14

List three types of operational controls

Answer 14

Incident response procedures, security awareness training, and user access management

Question 15

What are incident response procedures?

Answer 15

Incident response procedures are operational controls that outline the steps to be followed in the event of a security incident or breach

Question 16

What is security awareness training?

Answer 16

Security awareness training is an operational control that educates employees about security threats, best practices, and organisational policies

Question 17

What is user access management?

Answer 17

User access management is an operational control that involves the management and control of user access privileges to systems, applications, and data. It includes processes for user provisioning, access requests, access revocation, and periodic access reviews

Question 18

Who implements technical controls?

Answer 18

The security team

Question 19

What are physical controls?

Answer 19

Physical controls are a crucial aspect of overall security, focusing on the protection of an organization’s tangible assets, facilities, and resources. They encompass a range of measures and techniques aimed at preventing unauthorized access, ensuring safety, and mitigating physical security risks

Question 20

List nine types of physical controls

Answer 20

Access control vestibule, biometric locks, guards/security personnel, security fences, CCTV serveillance systems, mantraps, vehicle barriers, tamper-evident seals, and panic buttons/alarms

Question 21

What is an access control vestibule?

Answer 21

An access control vestibule is a small, enclosed area with two doors that creates a buffer zone between the outside environment and the secured area. It typically requires individuals to pass through multiple authentication steps (such as presenting an access card or undergoing biometric verification) before they can proceed into the secured area

Question 22

What is a biometric lock?

Answer 22

Biometric locks use unique physical or behavioral characteristics, such as fingerprints, iris patterns, or facial recognition, to grant access

Question 23

How do guards provide physical security?

Answer 23

They act as a visible deterrent and can provide physical intervention and response in case of security breaches

Question 24

How do security fences provide physical security?

Answer 24

They deter unauthorized access to premises or a restricted area

Question 25

How do CCTV surveillance systems provide physical security?

Answer 25

They use cameras to monitor and record activities in specific areas

Question 26

How do mantraps provide physical security?

Answer 26

Mantraps are enclosed areas that allow only one person at a time to pass through

Question 27

What form can vehicle barriers take?

Answer 27

Vehicle barriers can take the form of bollards, gates, tire spikes, or hydraulic barriers

Question 28

How do tamper-eviden seals provide physical security?

Answer 28

Tamper-evident seals are used to secure containers, equipment, or sensitive areas. These seals are designed to show visible signs of tampering or unauthorized access, such as a broken seal or a change in color, indicating that someone has attempted to gain access or tamper with the secured item

Question 29

How do panic buttons / alarms provide physical security?

Answer 29

Panic buttons or alarms provide a quick and visible means of alerting security personnel or authorities in case of an emergency or security breach

Question 30

What are control types?

Answer 30

They are essential components of an effective management system that help organisations achieve their objectives and ensure the smooth operation of processes

Question 31

List six types of control types

Answer 31

Preventive, deterrent, detective, corrective, compensating, and directive

Question 32

What are preventive controls?

Answer 32

These controls are designed to prevent problems or risks from occurring in the first place. They focus on eliminating or minimising potential threats before they can cause harm

Question 33

Give three examples of preventive controls

Answer 33

Examples of preventative controls include firewalls, employee training programs, and quality control checks

Question 34

What are deterrent controls?

Answer 34

Deterrent controls aim to discourage individuals from engaging in undesirable behaviors or activities. They create a perception of risk or negative consequences to deter potential offenders

Question 35

Give three examples of deterrent controls

Answer 35

Surveillance cameras, warning signs, and strong passwords and multi-factor authentication

Question 36

What are corrective controls?

Answer 36

Corrective controls are put in place to address problems or risks after they have been identified. They aim to rectify the situation, mitigate the impact, and restore normalcy

Question 37

List two examples of corrective controls

Answer 37

A backup and recovery system to restore data after a system failure and implementing fixes or patches to address software vulnerabilities

Question 38

What are compensating controls?

Answer 38

Compensating controls are alternative measures implemented when primary controls are not feasible or sufficient. They help offset the limitations or deficiencies of other controls

Question 39

List three examples of compensating controls

Answer 39

Examples of compensating controls include requiring additional layers of approval for financial transactions in the absence of automated control systems, utilizing a secondary authentication method when the primary method fails or is unavailable, and increasing physical security measures when technical controls are compromised

Question 40

What are directive controls?

Answer 40

Directive controls involve providing specific instructions or guidelines to ensure compliance with policies, procedures, or regulations. They establish a clear framework for employees to follow

Question 41

Give three examples of directive controls

Answer 41

Examples of directive controls include a code of conduct or ethical guidelines that outline acceptable behavior within an organisation, standard operating procedures (SOPs) that detail step-by-step instructions for completing tasks, and regulatory requirements that mandate specific reporting procedures for financial institutions