Control Types

Question 1

What are Managerial Controls?

Answer 1

Written by managers to create policies and procedures to reduce risk

Question 2

What are the types of Managerial Controls?

Answer 2

Annual Risk Assessment
Pentesting and Vulnerability Scanning

Question 3

What are Operational Controls

Answer 3

Executed by company personnel during day to day

Question 4

What are the types of Operation Controls?

Answer 4

Security Awareness Training
Change Management
Business Continuity

Question 5

What are Technical Controls?

Answer 5

Implemented by the IT team to reduce risk

Question 6

What are the types of Tech Controls?

Answer 6

Firewall Rules
Antivirus
Screen Savers
Screen Filters
IPS/IDS

Question 7

What are Deterrent Controls?

Answer 7

Measures to deter intruders away

Question 8

What are Detective Controls?

Answer 8

Measures to investigate incidents

Question 9

Corrective Controls?

Answer 9

Actions to recover from an incident

Question 10

Compensating Controls?

Answer 10

Secondary controls to be used in case of a failure

Question 11

Preventative Controls?

Answer 11

In place to deter attacks such as disabling accounts

Question 12

Access Controls?

Answer 12

Identification
Authentication
Authorization

Question 13

Discretionary Access Control?

Answer 13

Controls only given to a user to perform their job
Owner is the person that creates data and is responsible for authorizing who has access

Question 14

Mandatory Access Control (MAC)

Answer 14

Classification level of data

Question 15

Role Based Access Control?

Answer 15

A subset of a department carrying out duties

Question 16

Rule Based Access Control?

Answer 16

Giving access to all the people in a department

Question 17

Attribute Based Controls?

Answer 17

Access is given based on the attributes of an account

Question 18

Who is responsible for labeling data?

Answer 18

Steward

Question 19

Who stores and manages classified data?

Answer 19

Custodian