Security Controls Flashcards
1
Q
Name the three security Control Groups
A
Operational
Management
Technical
(privacy)
2
Q
List the management controls and identifiers
A
- Awareness and Training (AT)
- Personnel Security (PS)
- Planning (PL)
- Risk Assessment (RA)
- System and Services Acquisition (SA)
3
Q
List the Operational Controls and their identifiers
A
- Certification, Accreditation & Security Assessments (CA)
- Contingency Planning (CP)
- Incident Response (IR)
- Maintenance (MA)
- Media Protection (MP)
- Physical and Environmental Protection (PE)
4
Q
List the Technical Controls and their identifiers
A
- Access Control (AC)
- Audit and Accountability (AU)
- Configuration Management (CM)
- Identification and Authentication (IA)
- System and Communication Protection (SC)
- System and Information Integrity (SI)
5
Q
List the Privacy Controls and their identifiers
A
- Authority and Purpose (AP)
- Data Accountability, Audit and Risk Management (AR)
- Data Minimization and Retention (DM)
- Data Quality and Integrity (DI)
- Data Security (SE)
- Data Transparency (TR)
- Data Use Limitation (UL)
- Individual Participation and Redress (IP)
6
Q
What are GCA/Common controls?
A
- Controls present in every organization
- Tend to be inherited & could come with organisation space.
- e.g. CCTVs, lights, fencing, etc.
7
Q
What are System Specific Controls?
A
- Controls tuned to work specifically to meet the needs of an org. Usually put in place by management and would not be inherited.
8
Q
What are hybrid controls?
A
- Mix of common and system-specific controls, tailored to meet the specific needs of an org or system.