Objective 1.1 Flashcards
Compare and contrast various types of security controls
Security Controls Categories
- Technical Controls
- Managerial Controls
- Operational Controls
- Physical Controls
TMOP
- Technical Controls
- Managerial Controls
- Operational Controls
- Physical Controls
The technologies, hardware and software mechanisms that are implemented to manage and reduce risks.
Technical Controls
Examples of technical controls
- Antivirus
- Firewalls
- Encryption Processes
- Intrusion Detection Systems (IDS like SNORT)
Involve the strategic planning and governance side of security.
They are about making informed decisions and ensuring that the organization is on the same page regarding security.
Managerial Controls
Example of Managerial Control
- Conduct a risk assessment to understand the potential risks and vulnerabilities and assess whether a tool implementation or a new network architecture will align with the company’s broader risk strategy.
Managerial Controls encompass:
- Risk Assessment
- Security Policies
- Training Programs
- Incident Response Strategies
[Managerial Controls]
RiskAss
SecPo
TrainPo
IncResp
- Risk Assessment
- Security Policies
- Training Programs
- Incident Response Strategies
Procedures and measures that are designed to protect data on a day-to-day basis and are mainly governed by internal processes and human actions.
Operational Controls
Examples of Operational Controls:
- Organization requires that you change your password every 90 days.
- Backup Procedures
- Account Reviews
- User Training Programs
Tangible, real-world measures taken to protect assets.
Physical Controls
Example of physical controls:
- Shredding of sensitive documents
- Security guards
- Locking the doors
- Cameras
Security Control Types
- Preventive Controls
- Deterrent Controls
- Detective Controls
- Corrective Controls
- Compensating Controls
- Directive Controls
Proactive measures implemented to thwart potential security threats or breaches.
Preventive Controls
Aim to discourage potential attackers by making the effort seem less appealing or more challenging.
Deterrent Controls
Monitor and alert organizations to malicious activities as they occur or shortly thereafter.
Detective Controls
Mitigate any potential damage and restore the systems to their normal state.
Corrective Controls
Alternative measures that are implemented when primary security controls are not feasible or effective.
Compensating Controls
Often rooted in policy or documentation and set the standards for behavior within an organization.
Directive Controls
A cybersecurity approach that assumes no user or system is trusted by default and requires continuous verification for access to organizational resources.
Zero Trust
Demands verification for every device, user, and transaction within the network, regardless of its origin.
Zero Trust
Zero Trust Planes
Control Plane
Data Plane
[Zero Trust] The overarching framework and set of components responsible for defining, managing, and enforcing the policies related to user and system access within an organization.
Control Plane
[Zero Trust-CoP] Control Plane encompasses:
- Adaptive Identity
- Threat Scope Reduction
- Policy-driven Access Control
- Secured Zones
[Zero Trust-CoP] Adaptive Identity
Uses adaptive identity, which relies on real-time identity validation that takes into account the user’s behavior, device, location, and more.
[Zero Trust-CoP] Threat Scope Reduction
Limit users’ access to only what they need for their work tasks, because this drastically reduces the network’s potential attack surface.
[Zero Trust-CoP] Policy-Driven Access Control
Entails developing, managing, and enforcing user access policies based on their roles and responsibilities.
[Zero Trust-CoP] Secured Zones
Isolated environments within a network that are designed to house sensitive data.
[Zero Trust-CoP] Control Plane uses:
Policy ……..
Policy ……..
[Zero Trust-CoP] Control Plane uses:
Policy Engine
Policy Administrator
[Zero Trust-CoP] Policy Engine
Cross-references the access request with its predefined policies (like a rule book).
[Zero Trust-CoP] Policy Administrator
Used to establish and manage the access policies.
[Zero Trust] Data Plane
- Subject/System
- Policy Enforcement Point
[Zero Trust-DP] Subject/System
Refers to the individual or entity attempting to gain access.
[Zero Trust-DP] Policy Enforcement Point
Allows or restricts access, effectively acting as a gatekeeper to the sensitive areas of the systems or networks.
Process of evaluating the differences between an organization’s current performance and its desired performance.
Gap Analysis
Gap Analysis Steps
- Define the scope of the analysis
- Gather data on the current state of the organization
- Analyze the data to identify the gaps
- Develop a plan to bridge the gap
2 types of gap analysis:
Technical Gap Analysis
Business Gap Analysis
Technical Gap Analysis
Involves evaluating an organization’s current technical infrastructure and identifying any areas where it falls short of the technical capabilities required to fully utilize their security solutions.
Business Gap Analysis
Involves evaluating an organization’s current business processes and identifying any areas where they fall short of the capabilities required to fully utilize cloud-based solutions.
Outlines the specific measures to address each vulnerability, allocate resources, and set up timelines for each remediation task that is needed.
POA&M - Plan of Action and Milestones
A powerful tool that can help organizations improve their security and their performance by identifying areas where improvements can be made.
Gap Analysis