Security Controls Flashcards
Security+
What are detective controls used for?
To identify and log intrusion attempts.
Give an example of a detective control.
Collecting and reviewing system logs.
What are the types of assets that security controls protect?
Data, physical property, computer systems.
What is the purpose of preventive controls?
To block access to resources and prevent security events.
What are corrective controls used for?
To apply controls after an event has been detected and reverse its impact.
What type of controls are firewalls and anti-virus systems?
Technical controls.
What is an example of an operational control?
Security guards or awareness programs.
What are physical controls designed to do?
Limit physical access to assets.
What is a compensating control?
A control used when existing controls aren’t sufficient.
How can ransomware impact be mitigated?
By restoring from backups.
What do directive controls aim to do?
Direct subjects towards security compliance.
What is the purpose of deterrent controls?
To discourage intrusion attempts.
Provide an example of a directive control.
Guard shack checks all identification.
What is an example of a preventive control?
Implementing firewall rules.
What can a well-placed warning sign act as?
A deterrent control.
How do administrative controls contribute to security?
Through policies and procedures for security design and implementation.
What are security controls?
Measures implemented to protect systems and data from threats.
Why are security controls categorized?
To better manage and implement them based on specific needs and risks.
Name one category of security controls.
Technical controls.
What is an example of a technical control?
Firewalls.
Can a security control exist in multiple categories?
Yes, some controls may fit multiple categories.
Why might an organization combine types of security controls?
To create a more integrated security approach tailored to their needs.
What drives the creation of new security controls?
The evolution of systems and processes.
Why is it important to regularly update security controls?
To address emerging threats and vulnerabilities.
What is the difference between administrative and technical controls?
Administrative controls focus on policies and procedures, while technical controls use technology to protect systems.
How can an organization’s security controls vary?
Based on their specific environment, risks, and regulatory requirements.
