Security Controls Flashcards
Security control
A technology or procedure put in place to mitigate vulnerabilities and risk and to ensure the confidentiality, integrity, and availability (CIA) of information.
Managerial
A category of security control that provides oversight of information systems.
These can be management-based techniques, policies and procedures, and disaster recovery plans (DRPs).
Operational
A category of security control that is implemented by people.
These can be monitoring function checks, cameras, rounds, and visitor controls.
Technical
A category of security control that is implemented as a system.
Software and network appliances (IDS/IPS, access control applications, ASAs).
Physical
A category of security control that is implemented by hardware used to deter or detect, such as alarms, gateways, locks, lighting, and security cameras.
Preventive
A type of security control that acts before an incident to eliminate or reduce the likelihood that an attack can succeed.
Access control lists (ACLs)
The collection of access control entries (ACEs) that determines which subjects (user accounts, host IP addresses, and so on) are allowed or denied access to the object and the privileges given (read-only, read/write, and so on).
Detective
A type of security control that acts during an incident to identify or record that it is happening.
Network monitoring applications, logs, alerts and events, IDS.
Corrective
A type of security control that acts after an incident to eliminate or minimize its impact.
Fixes the damage from an event; works during and after the incident. Examples: IPS and endpoint detection.
Directive
A type of control that enforces a rule of behavior through a policy or contract.
Deterrent
A type of security control that discourages intrusion attempts.
Compensating
A security measure that takes on risk mitigation when a primary control fails or cannot completely meet expectations.
Chief Information Officer (CIO)
A company officer with the primary responsibility of managing information technology assets and procedures.
Chief Technology Officer (CTO)
A company officer with the primary role of making effective use of new and emerging computing platforms and innovations.
Chief Security Officer (CSO)
Typically, the job title of the person with overall responsibility for information assurance and systems security.