Security Risks and Controls Flashcards
Enforce the CIA triad in the digital space. Examples: firewall rules, access control lists, intrusion prevention systems, and encryption
Technical Controls
include the processes that we put in place to manage technology in a secure manner. Examples: user access reviews, log monitoring, and vulnerability management
Operational Controls
are procedural mechanisms that focus on the mechanics of the risk management process. Examples: periodic risk assessments and security planning exercises
Managerial Controls
intend to stop a security issue before it occurs. Examples: firewalls and encryption
Preventative Controls
identify security events that have already occurred. Example: NIDS
Detective Controls
remediate security issues that have already occurred. Example: restoring backups after a ransomware attack
Corrective Controls
Seek to prevent an attacker from attempting to violate security policies. Example: vicious guard dogs and barbed wire fences
Deterrent Controls
are security controls that impact the physical world. Examples: fences, perimeter lighting, locks, fire suppression systems, and burglar systems
Physical Controls
are controls designed to mitigate the risk associated with exceptions made to a security policy
Compensating Controls
is the risk that an organization will become less effective in meeting its major goals and objectives as a result of the breach
Strategic Risk
is risk to the organization’s ability to carry out its day-to-day functions
Organizational Risk
occurs when a security breach causes an organization to run afoul of legal or regulatory requirements
Compliance Risk