Security Controls Flashcards
What are security controls?
mechanisms that we employ to minimize exposure to risk and mitigate loss.
What is an administrative security control?
Organizational policies and training. These are the guidelines that define security education and training and awareness program.
A bunch of policies that are enforce with other security controls. BYOD, Least privilege
What is a technical security control?
Controls that are using technology to reduce vulnerabilities in hardware and software and enforcing administrative controls.
Usually technology devices are doing doing this type of security
Encryptions, antivirus, firewalls, SIEM (security information and event management)
What is an operational security control?
Day to day employee activities. - controls implemented by people
Ex. Scanning your badge before entering
Everyone using their MFA device
People reporting suspicious emails or text
Everyone locking their pcs before leaving their desk
What is a physical security control?
Physical safety and security devices. -
Security guard
CCTV
Lock doors
Biometrics
Explain preventive security control?
Proactive controls which act to prevent loss.
Ex. Hardening
Security awareness training
Change management
Explain detective security control?
Monitoring controls that detect and/or record
Ex. SIEM
Trend analysis
Log monitoring
Explain corrective security control?
Follow-up controls used to minimize the harm caused and prevent recurrence.
Fixing the issue.
Restoring backups
Disabling ports or protocols
Extinguishers or sprinklers
Explain Deterrent security control?
Visible controls designed to discourage attack or intrusion.
Ex.
Fence
Signs
Bollards (stop cars from ramming buildings)
Dogs
Explain compensating security control?
An unofficial control put in place that provides equivalent protection as the official control.
Ex.
Like a firewall rule until the official fix
Add more lighting or dogs
