Security Controls Flashcards

1
Q

Security control

A

A technology or procedure put in place to mitigate vulnerabilities and risk and to ensure the confidentiality, integrity, and availability (CIA) of information.

2
Q

Managerial

A

A category of security control that provides oversight of information systems.
Examples include management-based techniques, policies and procedures, and disaster recovery planning (DRP).

3
Q

Operational

A

A category of security control that is implemented by people.
Examples include monitoring function checks, cameras, rounds, and visitor controls.

4
Q

Technical

A

A category of security control that is implemented as a system.
Examples include software and network appliances (IDS/IPS, access control applications, ASAs).

5
Q

Physical

A

A category of security control that is implemented by hardware used to deter or detect, such as alarms, gateways, locks, lighting, and security cameras.

6
Q

Preventive

A

A type of security control that acts before an incident to eliminate or reduce the likelihood that an attack can succeed.

7
Q

Access control lists (ACLs)

A

The collection of access control entries (ACEs) that determines which subjects (user accounts, host IP addresses, and so on) are allowed or denied access to the object and the privileges given (read-only, read/write, and so on).

8
Q

Detective

A

A type of security control that acts during an incident to identify or record that it is happening.
Examples include network monitoring applications, logs, alerts and events, and IDS.

9
Q

Corrective

A

A type of security control that acts after an incident to eliminate or minimize its impact.
These controls repair the damage from an event and work during and after it. Examples include IPS and endpoint detection.

10
Q

Directive

A

A type of control that enforces a rule of behavior through a policy or contract.

11
Q

Deterrent

A

A type of security control that discourages intrusion attempts.

12
Q

Compensating

A

A security measure that takes on risk mitigation when a primary control fails or cannot completely meet expectations.

13
Q

Chief Information Officer (CIO)

A

A company officer with the primary responsibility of managing information technology assets and procedures.

14
Q

Chief Technology Officer (CTO)

A

A company officer with the primary role of making effective use of new and emerging computing platforms and innovations.

15
Q

Chief Security Officer (CSO)

A

Typically, the job title of the person with overall responsibility for information assurance and systems security.

16
Q

Information Systems Security Officer (ISSO)

A

Organizational role with technical responsibilities for implementation of security policies, frameworks, and controls.

17
Q
A