Section 16.155 Selecting Infrastructure Controls Flashcards
Objective 3.2 Given a scenario, you must be able to apply security principles to secure enterprise architecture. Objective 4.5 Given a scenario, you must be able to modify enterprise capabilities to enhance security
Control
A protective measure put in place to reduce potential risks and safeguard an organisation's assets
Key Principles
Least Privilege
Users and systems should have only the access rights they need to do their job, which reduces the attack surface and limits the damage a compromised account can do
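The flashcard states the principle; in practice it is enforced by reviewing what an identity is actually allowed to do. The following is an added example, not from the original page or any course material, showing a small least-privilege check over IAM-style JSON policy documents. The two policies (OVERLY_BROAD_POLICY and SCOPED_POLICY) and the bucket name are constructed for this example; the check flags Allow statements that use wildcard actions, wildcard resources, or NotAction (which grants everything except the listed actions).

```python
import json

# Constructed sample policies (assumptions for this example, not from the page).
# The first grants every action on every resource; the second is scoped to
# read-only access on one hypothetical bucket.
OVERLY_BROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "*", "Resource": "*"},
    ],
}

SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:ListBucket"],
            "Resource": [
                "arn:aws:s3:::example-reports",
                "arn:aws:s3:::example-reports/*",
            ],
        }
    ],
}


def _as_list(value):
    """IAM allows a string or a list in Action/Resource; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def find_least_privilege_violations(policy):
    """Return human-readable findings for Allow statements that are broader
    than least privilege permits. An empty list means nothing was flagged.

    `policy` may be a dict or a JSON string.
    """
    if isinstance(policy, str):
        policy = json.loads(policy)

    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access; not a concern here

        # Allow + NotAction grants every action except those listed.
        if "NotAction" in stmt:
            findings.append(f"statement {idx}: Allow with NotAction grants all other actions")

        for action in _as_list(stmt.get("Action")):
            # "*" is everything; "svc:*" is every action in one service.
            if action == "*" or action.endswith(":*"):
                findings.append(f"statement {idx}: wildcard action {action!r}")

        if "*" in _as_list(stmt.get("Resource")):
            findings.append(f"statement {idx}: wildcard resource '*'")

    return findings


if __name__ == "__main__":
    for name, pol in (("broad", OVERLY_BROAD_POLICY), ("scoped", SCOPED_POLICY)):
        print(name, find_least_privilege_violations(pol) or "OK")
```

The check is deliberately conservative: a service-wide wildcard such as `s3:*` is flagged even though some roles legitimately need it, because the point of the review is to make every broad grant a conscious, documented decision rather than an accident.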
Key Principles
Defense in Depth
Use multiple, independent layers of security so that protection holds even if one control fails
Key Principles
Risk-based Approach
Prioritise controls based on potential risks and vulnerabilities specific to the infrastructure
Key Principles
Lifecycle Management
Regularly review, update, and retire controls to adapt to the evolving threat landscape
Key Principles
Open Design Principle
A control's security should not depend on its design being kept secret; expose the design to rigorous testing and scrutiny so that weaknesses are found and accountability is maintained
Methodology
Assess Current State
Understand existing infrastructure, vulnerabilities, and current controls
Methodology
Gap Analysis
Identify discrepancies between current and desired security postures
Methodology
Set Clear Objectives
Define specific goals for adding new controls (data protection, uptime, compliance, etc.)
Methodology
Benchmarking
Compare your organisation's processes and security metrics with industry best practices
Methodology
Cost-Benefit Analysis
Evaluate the balance between desired security level and required resources
Methodology
Stakeholder Involvement
Engage relevant stakeholders to ensure controls align with business operations
Methodology
Monitoring and Feedback Loops
Continuously revisit control selection to adapt to evolving threats
Best Practices
Conduct Risk Assessment
Regularly assess the threats and vulnerabilities specific to your organisation, and update the assessment whenever a significant change occurs
Best Practices
Align with Frameworks
Utilise established frameworks (e.g., NIST, ISO) to ensure comprehensive and tested methodologies