Section 2.13 Security control categories Flashcards
Objectives 1.1 Compare and contrast various types of security controls Objectives 1.2 - Summarise fundamental security concepts
4 broad categories
Security Control categories
TMOP
- Technical controls
- Managerial/Administrative controls
- Operational controls
- Physical controls
Security is about the layers of protection that combine to form a robust security posture
1
Technical Controls
Technologies, hardware and software mechanisms that are implemented to manage and reduce risks
e.g installing anti-virus software which automatially detects malicious files when downloaded
e.g Firewalls. Encryption processes, Intrusion Detection system
2
Managerial/Administrative controls
PL&GO
Strategic planning and governance side of security
e.g If an organisation wants to adopt cloud storage solution the managerial team will conduct a risk assessment before decision.
e.g Security policies, training programs, incident response strategies
3
Operational controls
Protect data on a day to day basis. These are mainly governed by internal processes and human actions
e.g if your organisation wants you to change your password every 90 days - this is considered oeprational control
e.g Back up procedures. Account reviews, user training programs
4
Physical controls
Tangible, real world measures taken to protect assests
e.g Security cameras to prevent unauthorised physical access
e.g Shredding sensitive documents, security guards, locking the doors
