Security Controls Flashcards
What are managerial controls?
Controls that address security design and implementation.
Security policies, standard operating procedures.
What are operational controls?
Controls that are implemented by people.
Security guards, awareness programs.
What are technical controls?
Controls implemented using systems.
Operating system controls, firewalls, anti-virus.
What are preventative controls?
These are controls that govern access to a particular area and are able to stop that access.
Door locks.
Security guards.
Firewalls.
What are detective controls?
These are controls that may not immediately control access but are able to identify and possibly record that a security event has happened.
Motion detectors.
IDS.
What is a corrective control?
These are designed to mitigate damage.
An IPS.
Backups can mitigate a ransomware infection.
A backup site can be a corrective control if there is a big storm.
What is a deterrent control?
These may not directly prevent access but they will discourage it.
Warning signs, login banner, lights around your building.
What is a compensating control?
These attempt to recover from an intrusion by compensating for the issues that were left behind.
For example, if someone stole a laptop with all of our data, we could compensate for that by buying a new laptop and restoring all of our data from a backup.
Or, if someone cut the power to our data center, we could have backup power systems that could compensate for that lack of power.
What are physical controls?
These are real-world security controls.
Fences, locks, mantraps.