Controls Flashcards
Security of network services
8.21 #Preventive
Data masking
8.11 #Preventive
Protection of records
5.33 #Preventive
Security of assets off-premises
7.9 #Preventive
Security testing in development and acceptance
8.29 #Preventive
Segregation of networks
8.22 #Preventive
Information security event reporting
6.8 #Detective
Contact with authorities
5.5 #Preventive #Corrective
Configuration management
8.9 #Preventive
Compliance with policies, rules, and standards for information security
5.36 #Preventive
Secure development life cycle
8.25 #Preventive
Storage media
7.10 #Preventive
Information security awareness, education, and training
6.3 #Preventive
Remote working
6.7 #Preventive
Assessment and decision on information security events
5.25 #Detective
Information security for use of cloud services
5.23 #Preventive
Installation of software on operational systems
8.19 #Preventive
Secure coding
8.28 #Preventive
Separation of development, test, and production environments
8.31 #Preventive
Use of privileged utility programs
8.18 #Preventive
Information security roles and responsibilities
5.2 #Preventive
Access rights
5.18 #Preventive
Access control
5.15 #Preventive
Secure authentication
8.5 #Preventive
Physical security perimeters
7.1 #Preventive
Protection against malware
8.7 #Preventive #Detective #Corrective
Managing information security in the ICT supply chain
5.21 #Preventive
Return of assets
5.11 #Preventive
Response to information security incidents
5.26 #Corrective
Information security in project management
5.8 #Preventive
Legal, statutory, regulatory, and contractual requirements
5.31 #Preventive
Responsibilities after termination or change of employment
6.5 #Preventive
Policies for information security
5.1 #Preventive
Screening
6.1 #Preventive
Capacity management
8.6 #Preventive #Detective
User endpoint devices
8.1 #Preventive
Threat intelligence
5.7 #Preventive #Detective #Corrective
Independent review of information security
5.35 #Preventive #Corrective
Authentication information
5.17 #Preventive
Management of technical vulnerabilities
8.8 #Preventive
Secure disposal or re-use of equipment
7.14 #Preventive
Use of cryptography
8.24 #Preventive
Working in secure areas
7.6 #Preventive
Collection of evidence
5.28 #Corrective
Documented operating procedures
5.37 #Preventive #Corrective
Protection of information systems during audit testing
8.34 #Preventive
Clear desk and clear screen
7.7 #Preventive
Test information
8.33 #Preventive
Physical entry
7.2 #Preventive
Monitoring, review, and change management of supplier services
5.22 #Preventive
Redundancy of information processing facilities
8.14 #Corrective
Labelling of information
5.13 #Preventive
Network security
8.20 #Preventive #Detective
Classification of information
5.12 #Preventive
Acceptable use of information and other associated assets
5.10 #Preventive
Physical security monitoring
7.4 #Preventive #Detective
Confidentiality or non-disclosure agreements
6.6 #Preventive
Contact with special interest groups
5.6 #Preventive #Corrective
Information backup
8.13 #Corrective
Web filtering
8.23 #Preventive
Information security incident management planning and preparation
5.24 #Corrective
Management responsibilities
5.4 #Preventive
Secure system architecture and engineering principles
8.27 #Preventive
Addressing information security within supplier agreements
5.20 #Preventive
Equipment siting and protection
7.8 #Preventive
Application security requirements
8.26 #Preventive
Intellectual property rights
5.32 #Preventive
Outsourced development
8.30 #Preventive #Detective
Learning from information security incidents
5.27 #Preventive
Terms and conditions of employment
6.2 #Preventive
Data leakage prevention
8.12 #Preventive #Detective
Segregation of duties
5.3 #Preventive
Information transfer
5.14 #Preventive
Privileged access rights
8.2 #Preventive
Information security in supplier relationships
5.19 #Preventive
Identity management
5.16 #Preventive
Change management
8.32 #Preventive
Supporting utilities
7.11 #Preventive #Detective
Access to source code
8.4 #Preventive
Protecting against physical and environmental threats
7.5 #Preventive
Monitoring activities
8.16 #Detective #Corrective
Logging
8.15 #Detective
Equipment maintenance
7.13 #Preventive
ICT readiness for business continuity
5.30 #Corrective
Inventory of information and other associated assets
5.9 #Preventive
Information access restriction
8.3 #Preventive
Information deletion
8.10 #Preventive
Clock synchronization
8.17 #Detective
Cabling security
7.12 #Preventive
Disciplinary process
6.4 #Preventive #Corrective
Information security during disruption
5.29 #Preventive #Corrective
Securing offices, rooms, and facilities
7.3 #Preventive
Privacy and protection of PII
5.34 #Preventive