Week 7: Controls Flashcards
What three types of controls are there in terms of timing?
Before
During
After
What control can be done before?
preventive controls are intended to prevent an incident from occurring e.g. by locking out unauthorized intruders;
What control can be done before?
What control can be done during?
detective controls are intended to identify and characterize an incident in progress e.g. by sounding the intruder alarm and alerting the security guards or police;
What control can be done after?
corrective controls are intended to limit the extent of any damage caused by the incident e.g. by recovering the organization to normal working status as efficiently as possible
What types of controls are there?
Physical controls
Procedural or administrative controls
Technical or logical controls
Legal and regulatory or compliance controls
What are examples of physical controls?
fences, doors, locks and fire extinguishers;
What are examples of Procedural or administrative controls?
incident response processes, management oversight, security awareness and training;
What are examples of Technical or logical controls?
user authentication (login) and logical access controls, antivirus software, firewalls;
What are examples of legal and regulatory or compliance controls
privacy laws, policies and clauses.
What are malware components?
Propagation Mechanism
payload
What are the types of malware?
Virus
Worm
trojan
What is adware?
Displays advertisements
What is spyware?
Gathers information
What is ransomware?
Blocks access
