Chapter 2 - Exploring Control Types & Methods Flashcards

1
Q

Controls implementation methods

A

Technical controls - using technology
Management controls - using administrative methods
Operational controls - for day-to-day operations

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Common technical controls

A
Encryption
Antivirus softare
Intrusion Detection System (IDS)
Firewall
Least privilege
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Technical physical controls examples

A

Motion detectors

Fire suppression systems

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Common management controls

A

Risk assessments - quantify and qualify risks
Vulnerability assessments - discover current vulnerabilities
Penetration tests - attempt to exploit vulnerabilities

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Common operational controls

A
Awareness & training
Configuration & change management
Contingency planning
Media protection
Physical & environmental protection
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Control Goals Classification

A
DDCCP
Preventive controls
Detective Controls
Corrective Controls
Deterrent Controls (discourage individuals)
Compensating controls
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Preventive Controls examples

A
Hardening
Security awareness and training
Security guards
Change management
Account disablement policy
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Detective Controls examples

A
Log monitoring
Trend analysis
Security audit
Video surveillance
Motion detection
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Corrective Controls examples

A

Active IDS

Backups and system recovery

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Deterrent Controls examples

A

Cable locks

Hardware locks

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Physical Controls boundaries

A
Perimeter
Buidling
Secure work areas 
Server and network rooms
Hardware
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Door Access systems

A

Cipher locks
Proximity cards
Biometrics

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Physical Controls examples

A
Door Access Systems
ID Badges
Mantraps (tailgating)
Security guards
Access lists and logs
Video surveillance
Fencing
Motion detection
Barricades
Signs
Hardware locks
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Logical Access principles

A

Least privilege
Need to know
Group policy

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Password policy settings

A
Password history
Maximum password age
Minimum password age
Minimum password length
Password length
Password storage using reversible encryption
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Account disablement policy

A

Terminated employee
Leave of absence
Delete account (60-90 days)

17
Q

Managing accounts

A
Disabling and Deleting accounts
Recovering accounts
Prohibiting generic accounts
Restricting access based on time of day
Expiring accounts
Reviewing account access
Credential management
18
Q

Access Control models

A

Role-Based Access Control
Rule-Based Access Control
Discretionary Access Control
Mandatory Access Control