General Security Concepts Flashcards
Technical Controls
Controls implemented using hardware, software, and/or firmware.
Examples: Firewalls, anti-virus
Managerial Controls
Relate to risk management, governance, oversight, strategic alignment and decision making
Examples: risk assessments, project management
Operational Controls
Aligned with processes that are primarily implemented and executed by people.
Examples: change management, training, testing
Physical Controls
Designed to address physical interactions, such as those connected to buildings.
Examples: gates, barricades, fences
Preventive Control
Stop a threat agent from being successful
Examples: Firewall rules, security policy, security guard, door locks
Deterrent Control
Discourage a threat agent from acting
Examples: posted warning signs, threat of demotion, splash screen, reception desk
Detective Control
Identify and report a threat agent or action
Examples: System logs, review login reports, patrol the property, motion detectors
Corrective Control
Minimize the impact of a threat agent, or modify or fix a situation
Examples: Backups, fire extinguisher, policies for reporting issues, contact authorities
Compensating Control
Controls implemented in lieu of a recommended control that provide comparable protection
Examples: Block instead of patch, separation of duties, require multiple security staff, power generator
Directive Control
Proactive actions taken to cause/encourage a desirable event or outcome to occur
Examples: training, policies, and "authorized personnel only" signs
CIA Triad
Fundamentals of security
Confidentiality: prevents disclosure of information to unauthorized people or systems
Integrity: Information can’t be modified
Availability: Systems and networks must be up and running
Access Controls
Selectively restrict access to a resource
Hashing
Map data of arbitrary length to data of a fixed length
Digital signatures
Mathematical scheme to verify the integrity of data
Certificates
Combined with a digital signature to verify an individual's identity