Security Controls Flashcards

1
Q

Name the three security Control Groups

A

Operational
Management
Technical
(privacy)

2
Q

List the management controls and identifiers

A
  • Awareness and Training (AT)
  • Personnel Security (PS)
  • Planning (PL)
  • Risk Assessment (RA)
  • System and Services Acquisition (SA)
3
Q

List the Operational Controls and their identifiers

A
  • Certification, Accreditation & Security Assessments (CA)
  • Contingency Planning (CP)
  • Incident Response (IR)
  • Maintenance (MA)
  • Media Protection (MP)
  • Physical and Environmental Protection (PE)
4
Q

List the Technical Controls and their identifiers

A
  • Access Control (AC)
  • Audit and Accountability (AU)
  • Configuration Management (CM)
  • Identification and Authentication (IA)
  • System and Communication Protection (SC)
  • System and Information Integrity (SI)
5
Q

List the Privacy Controls and their identifiers

A
  • Authority and Purpose (AP)
  • Data Accountability, Audit and Risk Management (AR)
  • Data Minimization and Retention (DM)
  • Data Quality and Integrity (DI)
  • Data Security (SE)
  • Data Transparency (TR)
  • Data Use Limitation (UL)
  • Individual Participation and Redress (IP)
6
Q

What are GCA/Common controls?

A
  • Controls present in every organization
  • Tend to be inherited & could come with organisation space.
  • e.g. CCTVs, lights, fencing, etc.
7
Q

What are System Specific Controls?

A

  • Controls tuned to work specifically to meet the needs of an org. Usually put in place by management and would not be inherited.

8
Q

What are hybrid controls?

A

  • Mix of common and system-specific controls, tailored to meet the specific needs of an org or system.
