Security Controls 1.1 Flashcards
Technical Controls
- Uses some form of technology to address a physical security issue.
Examples of Technical Controls
- Operating system controls
- Firewall, anti-virus
Operational Controls
- Controls implemented by people instead of systems.
- Relies more on people to set the controls.
Examples of Operational Controls
- Security guards
- Awareness programs
Managerial Controls
- Administrative controls associated with security design and implementation.
- Security policies which include standard operating procedures.
Examples of Managerial Controls
- Security policies
- Standard operating procedures
Physical Controls
- Prevent specific human interaction with a system.
Examples of Physical Controls
- Guard shack
- Fences, locks
- Badge readers
Preventive Control Types - Preventive
- Limits someones to a resource.
Preventive Control Types - Prevent Access
- Firewall rules.
- Follow security policy.
- Guard shack checks all identification.
- Enable door locks.
Preventative - Technical
Firewall, blocks access to a specific resource.
Preventative - Managerial
On-boarding policy
Preventative - Operational
Guard shack
Deterrent Control Types
- Discourage an intrusion attempt.
- Does not directly prevent access.
Preventative - Phyiscal
Door lock, preventing access to the a room.
Deterrent Control Types - Technical
Splash screen
Deterrent Control Types - Managerial
Demotion
Deterrent Control Types - Operational
Reception Desk, requires a person to operate.
Deterrent Control Types - Physical
Warning signs
Detective Control Types
- Identify and log an intrusion attempt.
- May not prevent access.
Detective Control Types - Technical
System logs
Detective Control Types - Operational
Property patrols
Detective Controls Types - Managerial
Review login reports
Detective Control Types - Physical
Motion detectors
Corrective Control Types
- Apply a control after an event has been detected.
- Reverse the impact of an event.
- Continue operating with minimal downtime.
Corrective Control Types - Technical
Backup recovery
Corrective Control Types - Managerial
Policies for reporting issues
Corrective Control Types - Operational
Contact authorities
Corrective Control Types - Physical
Fire extinguisher
Compensating Control Types
- Control using other means.
- Existing controls aren’t sufficient.
- May be temporary.
Purpose of Compensation Control Types
- Prevent the exploitation of a weakness
Compensating Control Types - Technical
Block instead of patch
Compensating Control Types - Managerial
Separation of duties
Compensating Control Types - Operational
Require multiple security staff.
Compensating Control Types - Physical
Power generator
Directive Control Types
- Direct a subject towards security compliance.
- A relatively weak security control.
Directive Control Types - Technical
File storage policies
Directive Control Types - Managerial
Compliance policies
Directive Control Types - Operational
Security policy training
Directive Control Types - Physical
Sign: Authorized personnel only.
AIC Triad - Integrity
- Messages cannot be modified with detection availability.
AIC - Availability
- Systems and networks must be up and running.
