Security Controls Flashcards
What are Security Controls?
They are measures put in place to safeguard systems, data, and information from various threats and risks. They act as barriers or countermeasures to protect assets and reduce vulnerabilities. These controls can be technical, physical, or administrative in nature, such as firewalls, policies, and security cameras.
What is the difference between security control categories and types?
Control categories are about the nature or domain of the control (technical, managerial, etc.), whereas control types refer to the function or purpose of the control (preventive, detective, etc.).
What is the purpose of a preventive security control type? EX: Access control systems, security training, antivirus software
To prevent security incidents before they occur
What is the purpose of a deterrent security control type? EX: Security signage, visible surveillance cameras, security awareness
To discourage security violations
What is the purpose of a detective security control type? EX: Intrusion detection systems, log monitoring, audits
To detect and identify security breaches that occur
What is the purpose of a corrective security control type? EX: Patch management, incident response plans, system backups
To correct and restore systems after a security breach
What is the purpose of a compensating security control type? EX: Additional monitoring, manual processes in case of automated failure
To provide alternatives when existing controls are not feasible or effective
What is the purpose of a directive security control type? EX: Security policies, procedures, standards mandating specific behaviors
To direct, confine, or control actions of individuals
What are technical security controls?
Technical security controls are measures implemented within hardware or software systems to mitigate vulnerabilities and protect against various cyber threats. These controls use logic, algorithms, or software-based solutions to enforce security policies, monitor activities, and prevent or detect unauthorized access or malicious activities.
What is the purpose of technical controls?
The primary goal of technical controls is to defend against unauthorized access and cyber threats, ensure the confidentiality, integrity, and availability of data, and support the secure operation of applications and computing systems.
What are managerial controls?
Managerial controls are high-level security measures that focus on strategic planning, governance, and oversight of security policies and procedures. They are established by senior management to ensure that security objectives align with the organization’s overall goals and objectives.
What is the purpose of managerial controls?
The purpose of managerial controls is to ensure that the organization’s security policies are being effectively implemented and adhered to. They aim to manage risk, ensure compliance with legal and regulatory requirements, and foster a culture of security within the organization.
What are operational controls?
Operational controls are detailed procedures and practices executed by people and implemented to support and enforce the security policies established by management. They are the day-to-day activities and processes designed to implement, monitor, and maintain security measures.
What is the purpose of operational controls?
The primary purpose of operational controls is to ensure that the day-to-day operations of an organization align with its overall security strategy. They are designed to mitigate risks through regular, routine activities and actions carried out by staff members. These controls are essential in bridging the gap between strategic security policies (managerial controls) and the technical safeguards (technical controls) put in place.
What are physical controls?
Physical controls are the tangible and concrete measures we take to protect our organization’s facilities, hardware, and sensitive information from unauthorized physical access, damage, and environmental threats.
What is the purpose of physical controls?
The primary aim of physical controls is to prevent direct physical access to sensitive areas and assets, such as data centers, server rooms, and network hardware. These controls are vital for preventing damage to, or theft of, physical devices and for ensuring that the physical components of an organization’s IT infrastructure are secure from both internal and external threats.
What is a threat? EX: Hackers attempting to gain unauthorized access to a system, malware infections, or physical break-ins are all considered threats.
A threat refers to any potential danger or harmful event that can exploit a vulnerability. It could be a malicious actor, a piece of malware, a natural disaster, or any circumstance that has the potential to cause harm.
What is a vulnerability? EX: Unpatched software, misconfigured permissions, weak passwords, or lack of encryption are common vulnerabilities that attackers exploit.
A vulnerability is a weakness or gap in a system’s security posture that could be exploited by a threat. It’s a flaw or an oversight that might allow an attacker to compromise the confidentiality, integrity, or availability of a system or data.
What is risk? EX: The risk of a data breach occurring due to a vulnerability in a poorly secured database is the combination of the likelihood of a hacker attempting to exploit it (threat) and the ease with which they can exploit the vulnerability (vulnerability).
Risk is the likelihood or probability that a threat will exploit a vulnerability, leading to harm or damage to an organization’s assets, systems, or data. It’s the potential impact or loss that results when a threat exploits a vulnerability.
What are the four primary strategies of risk mitigation?
Accept, Avoid, Transfer, Reduce
In risk mitigation, what is acceptance?
Acceptance involves acknowledging the existence of a risk and choosing not to take any specific action to address it actively.
In risk mitigation, what is avoidance?
Avoidance refers to eliminating the risk entirely by not engaging in the activity or situation that could lead to it.
In risk mitigation, what is transfer?
Transfer involves shifting the risk to another party, typically through contractual agreements, insurance, or outsourcing.
In risk mitigation, what is reduction?
Reduction focuses on minimizing the impact or probability of a risk by implementing preventive measures or controls.