Section 1: General Security Concepts Flashcards

1
Q

These are controls implemented through technology. They are often hardware or software based.

Examples: Firewalls, encryption, intrusion detection systems, authentication mechanisms, access controls.

Security Controls: Categories, Section 1.1

A

Technical

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

These controls involve strategies, governance, and the organizational approach to information security. They ensure the right policies and procedures are in place.

Examples: Risk assessments, security policies and procedures, security training programs, vendor management.

Security Controls: Categories, Section 1.1

A

Managerial

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

These controls are often associated with day-to-day tasks and procedures that users or administrators follow.

Examples: Backup and recovery procedures, user awareness training, incident response procedures, change management.

Security Controls: Categories, Section 1.1

A

Operational

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

These controls are designed to protect the environment of information assets.

Examples: Security guards, fences, locks, CCTV cameras, biometric access controls, secure server rooms, fire suppression systems

Security Controls: Categories, Section 1.1

A

Physical

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

These controls are designed to ensure that an incident or breach does not occur in the first place.

Examples: Firewalls, access controls, strong password policies, encryption, and security training.

Security Controls: Types, Section 1.1

A

Preventative

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

While they might not prevent a threat actor from performing a malicious act, they discourage them by increasing the risk or reducing the reward.

Examples: Warning banners (indicating legal consequences of unauthorized access), visible surveillance cameras, and “Account will be locked after three unsuccessful login attempts” mechanisms.

Security Controls: Types, Section 1.1

A

Deterrent

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

These controls are designed to discover unwanted or unauthorized activity.

Examples: Intrusion detection systems (IDS), audit logs, security information and event management (SIEM) systems, and anomaly detection.

Security Controls: Types, Section 1.1

A

Detective

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Once a security incident has been detected, these controls aim to limit the extent of the damage and take action to resolve the situation.

Examples: Anti‐virus software that quarantines malware, incident response teams, backup/restoration tools, and patches for known vulnerabilities.

Security Controls: Types, Section 1.1

A

Corrective

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

These controls come into play when primary controls are deemed ineffective or unfeasible. They provide alternative measures to achieve the same or similar security objectives.

Examples: If a system cannot support multifactor authentication (a primary control), a stringent password policy and continuous user behavior monitoring might be applied.

Security Controls: Types, Section 1.1

A

Compensating

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

These controls are used to guide or constrain user actions, usually by stipulating mandatory or recommended actions.

Examples: Acceptable use policies, security policies, guidelines, procedures, and
standards.

Security Controls: Types, Section 1.1

A

Directive

How well did you know this?
1
Not at all
2
3
4
5
Perfectly