Section 1.1 - Security Controls Flashcards
What are security controls used for?
Security controls are used to prevent security events, minimize their impact, and limit the damage they cause.
What are technical controls?
These are controls that we implement using some type of technical system, such as:
- Operating System Controls (Policies)
- Firewalls
- Antivirus
What are managerial controls?
Managerial controls are documentation, such as security policy documentation or Standard Operating Procedures (SOPs).
What are operational controls?
Operational controls use people to set security controls, such as security guards and security awareness programs.
What are physical controls?
These are controls that limit someone's physical access to a room, building or system. Types of physical controls are:
- Guard Shack, Fences, Locks, Badge Readers
What are the control types?
Control types are Preventive, Deterrent, Detective, Corrective, Compensating, and Directive.
What is a preventive control type?
This control type prevents someone's access to a specific resource. These are usually:
- (technical) firewall rules,
- (physical) door locks,
- (operational) guard shack checking identification,
- (managerial) policy documentation.
What is a deterrent control type?
Deterrent control types try to discourage someone from an intrusion attempt.
Examples of this control type are:
- (technical) application splash screens asking to log in,
- (managerial) threat of demotion (if they access unintended data),
- (physical) posted warning signs
- (operational) reception desk check in
What is a detective control type?
Detective control types identify and log an intrusion attempt. This control type may not prevent the intrusion, but it warns that an intrusion is occurring.
Examples of this control type are:
- (technical) Review of system logs,
- (managerial) review logging report,
- (operational) regular patrol of the property,
- (physical) enabling of motion detectors.
What is a corrective control type?
A corrective control is something that occurs after the security event has been detected. It’s used to reverse the impact of the event, or to allow operations to continue with minimal downtime.
Examples of this security control are:
- (technical) Restoring from backups to mitigate a ransomware infection
- (operational) Contacting law enforcement
- (managerial) Create policies for how to mitigate security controls
- (physical) Use fire extinguisher
What is a compensating control type?
A compensating control type uses other means temporarily to mitigate security events.
Examples of this security control are:
- (technical) Firewall blocking a specific application instead of patching the app
- (managerial) Implementing a separation of duties
- (operational) Requiring increased guard duties
- (physical) Using a generator in case of power loss
What is a directive control type?
A directive control type means you are directing someone to do something more secure.
Example:
- (technical) Requiring everyone to store sensitive files in a protective folder
- (managerial) Creating compliance policies and procedures
- (operational) Training users on proper security policies
- (physical) Posting a sign “Authorized Personnel Only”