Security Controls 1.1 Flashcards

1
Q

Technical Controls

A
  • Uses some form of technology to address a physical security issue.
2
Q

Examples of Technical Controls

A
  • Operating system controls
  • Firewall, anti-virus
3
Q

Operational Controls

A
  • Controls implemented by people instead of systems.
  • Relies more on people to set the controls.
4
Q

Examples of Operational Controls

A
  • Security guards
  • Awareness programs
5
Q

Managerial Controls

A
  • Administrative controls associated with security design and implementation.
  • Security policies which include standard operating procedures.
6
Q

Examples of Managerial Controls

A
  • Security policies
  • Standard operating procedures
7
Q

Physical Controls

A
  • Prevent specific human interaction with a system.
8
Q

Examples of Physical Controls

A
  • Guard shack
  • Fences, locks
  • Badge readers
9
Q

Preventive Control Types - Preventive

A
  • Limits someone's access to a resource.
10
Q

Preventive Control Types - Prevent Access

A
  • Firewall rules.
  • Follow security policy.
  • Guard shack checks all identification.
  • Enable door locks.
11
Q

Preventative - Technical

A

Firewall, blocks access to a specific resource.

12
Q

Preventative - Managerial

A

On-boarding policy

13
Q

Preventative - Operational

A

Guard shack

14
Q

Deterrent Control Types

A
  • Discourage an intrusion attempt.
  • Does not directly prevent access.
15
Q

Preventative - Physical

A

Door lock, preventing access to a room.

16
Q

Deterrent Control Types - Technical

A

Splash screen

17
Q

Deterrent Control Types - Managerial

A

Demotion

18
Q

Deterrent Control Types - Operational

A

Reception Desk, requires a person to operate.

19
Q

Deterrent Control Types - Physical

A

Warning signs

20
Q

Detective Control Types

A
  • Identify and log an intrusion attempt.
  • May not prevent access.
21
Q

Detective Control Types - Technical

A

System logs

22
Q

Detective Control Types - Operational

A

Property patrols

23
Q

Detective Control Types - Managerial

A

Review login reports

24
Q

Detective Control Types - Physical

A

Motion detectors

25
Q

Corrective Control Types

A
  • Apply a control after an event has been detected.
  • Reverse the impact of an event.
  • Continue operating with minimal downtime.
26
Q

Corrective Control Types - Technical

A

Backup recovery

27
Q

Corrective Control Types - Managerial

A

Policies for reporting issues

28
Q

Corrective Control Types - Operational

A

Contact authorities

29
Q

Corrective Control Types - Physical

A

Fire extinguisher

30
Q

Compensating Control Types

A
  • Control using other means.
  • Existing controls aren’t sufficient.
  • May be temporary.
31
Q

Purpose of Compensating Control Types

A
  • Prevent the exploitation of a weakness
32
Q

Compensating Control Types - Technical

A

Block instead of patch

33
Q

Compensating Control Types - Managerial

A

Separation of duties

34
Q

Compensating Control Types - Operational

A

Require multiple security staff.

35
Q

Compensating Control Types - Physical

A

Power generator

36
Q

Directive Control Types

A
  • Direct a subject towards security compliance.
  • A relatively weak security control.
37
Q

Directive Control Types - Technical

A

File storage policies

38
Q

Directive Control Types - Managerial

A

Compliance policies

39
Q

Directive Control Types - Operational

A

Security policy training

40
Q

Directive Control Types - Physical

A

Sign: Authorized personnel only.

41
Q

AIC Triad - Integrity

A
  • Messages cannot be modified without detection.
42
Q

AIC - Availability

A
  • Systems and networks must be up and running.