Contrast detective operational controls with corrective operational controls.
Detective operational controls like property patrols identify breaches, while corrective operational controls like contacting authorities help manage and mitigate the impact post-breach.
What are the main categories of security controls in IT security?
Technical Controls, Managerial Controls, Operational Controls, Physical Controls
Why are detective controls critical in IT security?
They help identify and provide warnings about breaches, allowing for quick responses to security incidents.
Provide an example of an operational control.
Security guards or awareness programs.
What is a directive control and why is it considered weaker?
Directive controls direct actions for security, such as compliance policies, but are seen as weaker because they rely on proper implementation and compliance.
How might an organization use deterrent controls effectively?
By using warning signs, reception desks, or demotion threats to discourage potential attackers from attempting breaches.
What are corrective controls and why are they important?
Corrective controls occur after an event to minimize its impact or allow continued operation, helping to quickly recover and maintain security.
Explain compensating controls with examples.
Compensating controls are temporary measures used when full resolution isn't possible, such as firewall rules that block vulnerability exploits, or power generators.
Describe the role of physical controls in IT security.
Physical controls limit physical access to buildings, rooms, or devices to protect assets from unauthorized access or damage.
What are some examples of preventive managerial controls?
Onboarding policies and security policy documentation
Identify one preventive control under each major category of security controls.
Technical: Firewall rules, Managerial: Onboarding policies, Operational: Guard shack ID checks, Physical: Door locks
What type of controls are door locks considered as?
Physical controls, specifically preventive controls.
What security control type would 'data recovery from backups' fall under?
Corrective control - Technical category
How do deterrent controls function?
They discourage or deter attacks by making it less appealing or more difficult for attackers.
Give examples of detective controls in technical and physical categories.
Technical: System logs review, Physical: Motion detectors
How do technical controls differ from managerial controls?
Technical controls are implemented using technical systems like firewalls, whereas managerial controls are policies and procedures created by management.