Security Control Categories Flashcards
A category of security control that is implemented as a system (hardware, software, or firmware). _____ controls may also be described as logical controls.
Technical
Ex - firewalls, AV software, OS access control models
A category of security control that is implemented by people.
Operational
Ex - Security Guards, training guards
A category of security control that gives oversight of the information system.
Managerial
Ex - Risk identification, tool allowing evaluation and selection of other controls
A type of security control that physically or logically restricts unauthorized access.
Preventive
Ex - ACL, Anti-Malware
A type of security control that acts during an incident to identify or record that it is happening.
Detective
Ex - Logs provide one of the best examples of detective-type controls.
A type of security control that acts after an incident to eliminate or minimize its impact.
used AFTER an attack
Corrective
Ex - backup system, patch management system
A type of security control that acts against in-person intrusion attempts.
Physical
Ex - Alarms, gateways, locks, lighting, cameras, guards
A type of security control that discourages intrusion attempts.
Deterrent
Ex - Warning Signs, legal penalties
A security measure that takes on risk mitigation when a primary control fails or cannot completely meet expectations.
Compensating