General Security Concepts Flashcards
Name four control categories
- Technical controls
- Managerial controls
- Operational controls
- Physical controls
Which control type is a relatively weak one and why?
- Directive control types
- It’s relatively weak because you basically just ask someone to follow the rules or to do or not do something
Name 6 control types
- Preventive controls (förebyggande)
- Deterrent controls (avskräckande)
- Detective controls (varning)
- Corrective controls (Korrigerande)
- Compensating controls (kompenserande)
- Directive controls (direktiv)
Explain operational controls
Operational controls is a control category and are controls implemented by people instead of systems, for example: awareness programs
Explain managerial controls
Managerial controls is a control category and are administrative controls like security policies. Also known as Governance in the term GRC
Explain technical controls
Technical crontrols is a control category and are controls implemented using systems, for example firewalls or anti-virus
What are preventive control types?
Preventive control types prevents something bad happening before it happens
What are detective control types?
Detective control types identifies/detect if something bad happens but does not necessarily prevent it
What are deterrent control types?
Deterrent control types “scares” someone to not do bad things due to the consequences
What are corrective control types?
Corrective control types corrects the problem and is applied after something bad has happened
What are compensating control types?
Compensating control types are used when existing controls aren’t enough
What are directive control types?
When you direct a subject towards security compliance, basically when you ask someone to do or not do something
When you collect and review a system log, what category and type of control is that?
Category: Technical
Type: Detective
When you restore a system with backup after an ransomware attack, what category and type of control is that?
Category: Technical
Type: Corrective
If you put up warning signs with consequences if you enter a specific room without permission, what category and type of control is that?
Category: Physical
Type: Deterrent
What is the CIA Triad and what do the letters stand for?
- The CIA Triad is the fundamentals of security
- C = Confidentiality
- I = Integrity
- A = Availability