Security Controls 1.1 Flashcards
What are the 4 categories of Security Controls
Technical
Managerial
Operational
Physical
[…] are implemented with some type of technical system
- Firewalls
- Anti Virus
- OS system controls
Technical Controls
[…] controls are policies dictating security design/implementation
- Security Policies
- Standard Operating Procedures
Managerial Controls
[…] controls are implemented by people instead of systems
- Security Guards
- Awareness Programs
Operational Controls
[…] controls limit physical access
- Fences
- Locks
- Badge Readers
Physical Controls
[…] Control type limits access to a particular resource
- Firewall Rules
- Door Locks
- Guard Shack checking all ID
- On boarding policy
Preventive Control Type
[…] control type discourages an intrusion attempt and
makes an attacker think twice
- Threat of demotion
- Front reception desk
- Posted warning signs
- Splash screen
Deterrent Control Type
[…] control type identifies and logs an intrusion attempt
- Collect / Review of system logs
- Review login reports
- Regularly patrol the property
- Motion Detectors
Detective Control Type
[…] control type applies a control after an event has been detected in an effort to reverse the impact
- Restoring from backups
- Fire extinguishers
- Contact law enforcement to manage criminal activity
Corrective Control Type
[…] control type is used while a plan is put together to solve the incident
- Firewall blocks an application while waiting for a patch
- Generator
- Separation of duties
- Simultaneous guard duties
Compensating Control Type
[…] control type is directing users towards security compliance and has relatively weak security control
- Store sensitive files in a protected folders
- Create compliance policies and procedures
- Train users on security policy
- Post a sign for “Authorized Personnel Only”
Directive Control Type
