Security Controls Flashcards

1
Q

What are technical controls?

A

controls implemented using systems, firewalls, anti-virus, operating system controls
Access controls
Firewalls
Encryption
Endpoint security
Security information and event management (SIEM)
Vulnerability management
Secure configuration management

2
Q

What are managerial controls?

A

administrative controls associated with security design and implementation
security policies, standard operating procedures
Security Policies and procedures
Security Awareness and training
Access control and identity management
Compliance and legal requirements
Incident response and management
Business continuity and disaster recovery

3
Q

What are operational controls?

A

controls implemented by people instead of systems, security guards, awareness programs
Change Management
Incident response and management
Patch management
Backup and recovery
Security monitoring and logging
Access control management
Security awareness and training

4
Q

What are physical controls?

A

limit physical access, guard shack, fences, locks, badge reader
Perimeter security
Access control
Surveillance and monitoring
Environmental controls
Asset management
Physical security policies and procedures

5
Q

What are preventive controls?

A

block access to a resource, you shall not pass, firewall rules, follow security policy, guard shack checks all id, enable door locks
Access control
Firewalls and network segmentation
Encryption
Application Security Controls
Physical security measures
Configuration management
Employee training and awareness
Change management

6
Q

What are deterrent control types?

A

discourage an intrusion attempt, does not directly prevent access, make an attacker think twice, application splash screens, threat of demotion, front reception desk, posted warning signs
Visible security signage
Physical barriers
Access control measures
Surveillance and monitoring
Physical security lighting
Identification and branding

7
Q

What are detective control types?

A

identify and log an intrusion attempt, may not prevent access, collect and review system logs, review login reports, regularly patrol the property, enable motion detectors
Event logging
Security information and event management
Intrusion detection systems
Vulnerability scanning
Security incident detection
Security testing and penetration testing
Forensic analysis and investigation

8
Q

What are corrective control types?

A

apply a control after an event has been detected, reverse the impact of an event, continue operating with minimal downtime, correct the problem, restoring from backups can mitigate a ransomware infection, create policies for reporting security issues, contact law enforcement to manage criminal activity, use a fire extinguisher
Incident response procedures
Containment and eradication
Root cause analysis
Patch management
Access control remediation
Data recovery and restoration
Policy and procedure updates

9
Q

What are compensating control types?

A

control using other means, existing controls aren’t sufficient, may be temporary, firewall blocks a specific application instead of patching the app, implement a separation of duties, require simultaneous guard duties, generator used after power outage
Manual controls
Procedural controls
Operational controls
Physical controls
Administrative controls
Compensating security measures
Third party controls

10
Q

What are directive control types?

A

direct a subject towards security compliance, a relatively weak security control, instead you can store all sensitive files in a protective folder, create compliance policies and procedures, train users on proper security policy and post a sign for authorized ‘personnel only’
Security Policies
Standards and Guidelines
Access control policies
Compliance requirements
Data protection policies
Risk management policies
Incident response policies
