Security Control Categories

Question 1

A category of security control that is implemented as a system (hardware, software, or firmware). _____ l controls may also be described as logical controls.

Answer 1

Technical

Ex - firewalls, AV software, OS access control models

Question 2

A category of security control that is implemented by people.

Answer 2

Operational

Ex - Security Guards, training guards

Question 3

A category of security control that gives oversight of the information system.

Answer 3

Managerial

Ex - Risk identification, tool allowing evaluation and selection of other controls

Question 4

A type of security control that physically or logically restricts unauthorized access.

Answer 4

Preventive

Ex - ACL , Anti-Malware

Question 5

A type of security control that acts during an incident to identify or record that it is happening.

Answer 5

Detective

Ex - Logs provide one of the best examples of detective-type controls.

Question 6

A type of security control that acts after an incident to eliminate or minimize its impact.

used AFTER an attack

Answer 6

Corrective

Ex - backup system, patch managements system

Question 7

A type of security control that acts against in-person intrusion attempts.

Answer 7

Physical

Ex - Alarms, gateways, locks, lighting, cameras, guards

Question 8

A type of security control that discourages intrusion attempts.

Answer 8

Deterrent

Ex - Warning Signs, legal penalties

Question 9

A security measure that takes on risk mitigation when a primary control fails or cannot completely meet expectations.

Answer 9

Compentsating