Chapter 1 - Compare and contrast various types of security controls Flashcards
(41 cards)
What are the main control categories?
technical, managerial, operational, and physical
What are technical controls?
Technology-based measures such as firewalls and encryption
Where do technical controls play a crucial role?
Within an organisation’s technical systems, including computer networks, software, and data management
What is the primary focus of technical controls?
Upholding system integrity, mitigating the risk of unauthorised access, and protecting sensitive data from potential threats
List two types of technical controls
Firewalls and data encryption
What do firewalls do?
Used to protect computer networks from unauthorised access. They monitor incoming and outgoing network traffic, filter and block potential threats, and reduce the risk of unauthorised intrusion
What is data encryption?
It is a technical control that converts sensitive information into a coded form, making it unreadable to unauthorised individuals
What do managerial controls encompass?
Implementation of policies, procedures, and practices by management to guide and direct the activities of individuals and teams. Through effective planning, organising, and performance monitoring, managerial controls ensure that employees are aligned with the organisation’s goals
List three types of managerial controls
Performance reviews, risk assessments, and code of conduct
What is a performance review?
Performance reviews are a managerial control that involves regular assessments of employee performance
What is a risk assessment?
Risk assessments are a managerial control that involves the systematic identification, evaluation, and mitigation of potential risks within an organisation
What is a code of conduct?
A code of conduct is a set of guidelines and ethical standards established by management to govern employee behavior
What are operational controls?
Operational controls revolve around the execution of day-to-day activities and processes necessary for delivering goods and services. They involve managing operational procedures, ensuring adherence to quality standards, enhancing productivity, and optimising efficiency
List three types of operational controls
Incident response procedures, security awareness training, and user access management
What are incident response procedures?
Incident response procedures are operational controls that outline the steps to be followed in the event of a security incident or breach
What is security awareness training?
Security awareness training is an operational control that educates employees about security threats, best practices, and organisational policies
What is user access management?
User access management is an operational control that involves the management and control of user access privileges to systems, applications, and data. It includes processes for user provisioning, access requests, access revocation, and periodic access reviews
Who implements technical controls?
The security team
What are physical controls?
Physical controls are a crucial aspect of overall security, focusing on the protection of an organization’s tangible assets, facilities, and resources. They encompass a range of measures and techniques aimed at preventing unauthorized access, ensuring safety, and mitigating physical security risks
List nine types of physical controls
Access control vestibule, biometric locks, guards/security personnel, security fences, CCTV surveillance systems, mantraps, vehicle barriers, tamper-evident seals, and panic buttons/alarms
What is an access control vestibule?
An access control vestibule is a small, enclosed area with two doors that creates a buffer zone between the outside environment and the secured area. It typically requires individuals to pass through multiple authentication steps (such as presenting an access card or undergoing biometric verification) before they can proceed into the secured area
What is a biometric lock?
Biometric locks use unique physical or behavioral characteristics, such as fingerprints, iris patterns, or facial recognition, to grant access
How do guards provide physical security?
They act as a visible deterrent and can provide physical intervention and response in case of security breaches
How do security fences provide physical security?
They deter unauthorized access to premises or a restricted area