Security Controls Flashcards
What are Managerial Security Controls?
Managerial Security Controls, also known as administrative controls, are focused on managing risk through documented procedures.
Examples of Managerial Security Controls:
1. Organizational Security Policy
2. Risk assessments
3. Vulnerability assessments
What are Operational Security Controls?
Operational Security Controls are focused on the day-to-day procedures of an organization and are used to ensure that the equipment continues to work as specified. These controls are primarily implemented and executed by people (as opposed to systems).
Examples of Operational Security Controls:
1. Configuration management
2. Data backups
3. Awareness programs
What are Technical Security Controls?
Technical Security Controls, also sometimes called logical security controls, are executed by computer systems and implemented with technology.
Examples of Technical Security Controls:
1. Encryption protocols
2. Firewall ACLs
3. Authentication protocols
What are Preventative Security Controls?
Preventative Security Controls are designed to prevent security incidents from occurring in the first place. Preventative controls are typically technical in nature, but they can also include administrative and physical controls.
Examples of Preventative Controls:
1. Security guards
2. System hardening
3. Separation of duties
What are Detective Security Controls?
Detective Security Controls are designed to detect security incidents after they have occurred. Detective controls are typically technical in nature.
Examples of Detective Controls:
1. Log monitoring
2. Security audits
3. CCTV
4. IDS/IPS
What are Corrective Security Controls?
Corrective Security Controls are designed to recover from security incidents and minimize their impact. Corrective controls are typically technical in nature.
Examples of Corrective Controls:
1. Backup and recovery procedures
2. Incident response plans
3. Disaster recovery plans
4. Fire suppression systems
What are Deterrent Security Controls?
Deterrent Security Controls are designed to discourage individuals from performing malicious activities. Deterrent controls are typically physical or administrative in nature.
Examples of Deterrent Controls:
1. Warning signs
2. Lighting
3. Login banners
4. Awareness training
What are Compensating Security Controls?
Compensating Security Controls are designed to mitigate the risk of a security control that is not implemented or that is not effective. Compensating controls are typically technical in nature.
Examples of Compensating Controls:
1. Backup Power System (BPS)
2. Sandboxing
3. Temporary port blocking