Chapter 2 - Exploring Control Types & Methods Flashcards
Controls implementation methods
Technical controls - using technology
Management controls - using administrative methods
Operational controls - for day-to-day operations
Common technical controls
Encryption
Antivirus software
Intrusion Detection System (IDS)
Firewall
Least privilege
Technical physical controls examples
Motion detectors
Fire suppression systems
Common management controls
Risk assessments - quantify and qualify risks
Vulnerability assessments - discover current vulnerabilities
Penetration tests - attempt to exploit vulnerabilities
Common operational controls
Awareness & training
Configuration & change management
Contingency planning
Media protection
Physical & environmental protection
Control Goals Classification
DDCCP
Preventive controls
Detective Controls
Corrective Controls
Deterrent Controls (discourage individuals)
Compensating controls
Preventive Controls examples
Hardening
Security awareness and training
Security guards
Change management
Account disablement policy
Detective Controls examples
Log monitoring
Trend analysis
Security audit
Video surveillance
Motion detection
Corrective Controls examples
Active IDS
Backups and system recovery
Deterrent Controls examples
Cable locks
Hardware locks
Physical Controls boundaries
Perimeter
Building
Secure work areas
Server and network rooms
Hardware
Door Access systems
Cipher locks
Proximity cards
Biometrics
Physical Controls examples
Door Access Systems
ID Badges
Mantraps (tailgating)
Security guards
Access lists and logs
Video surveillance
Fencing
Motion detection
Barricades
Signs
Hardware locks
Logical Access principles
Least privilege
Need to know
Group policy
Password policy settings
Password history
Maximum password age
Minimum password age
Minimum password length
Password length
Password storage using reversible encryption