Security Controls Flashcards
What are the categories of Security Controls?
■ Technical Controls
● Technologies, hardware, and software mechanisms that are implemented to manage and reduce risks
■ Managerial Controls
● Sometimes also referred to as administrative controls
● Involve the strategic planning and governance side of security
■ Operational Controls
● Procedures and measures that are designed to protect data on a day-to-day basis
● Are mainly governed by internal processes and human actions
■ Physical Controls
● Tangible, real-world measures taken to protect assets
What are the types of Security Controls?
■ Preventive Controls
● Proactive measures implemented to thwart potential security threats or breaches
■ Deterrent Controls
● Discourage potential attackers by making the effort seem less appealing or more challenging
■ Detective Controls
● Monitor and alert organizations to malicious activities as they occur or shortly thereafter
■ Corrective Controls
● Mitigate any potential damage and restore our systems to their normal state
■ Compensating Controls
● Alternative measures that are implemented when primary security controls are not feasible or effective
■ Directive Controls
● Guide, inform, or mandate actions
● Often rooted in policy or documentation and set the standards for behavior within an organization