🔒

Understanding Security Controls and Categories

May 7, 2025

Security Controls and Categories Lecture

Overview

  • Importance of security controls in IT security
  • Protection is required not only for data but for physical systems, buildings, and personnel
  • Security controls can prevent events, minimize impact, and limit damage

Categories of Security Controls

1. Technical Controls

  • Involves using technology to manage and enforce security
  • Examples: firewalls, antivirus, system policies, and procedures

2. Managerial Controls

  • Policies and procedures for managing computer systems and data
  • Included in security policies and standard operating procedures

3. Operational Controls

  • Involves people in enforcing security
  • Examples: security guards, awareness programs, and training

4. Physical Controls

  • Physical measures to prevent access
  • Examples: guard shacks, fences, locks, and badge readers

Types of Security Controls

A. Preventive Control Types

  • Limit access to resources
  • Examples: firewall rules, guard shacks, and door locks

B. Deterrent Control Types

  • Discourage attacks or unauthorized access
  • Examples: splash screens, threat of demotion, reception desks, warning signs

C. Detective Control Types

  • Identify and notify of breaches
  • Examples: system logs, login reports, property patrols, motion detectors

D. Corrective Control Types

  • Respond after an incident to minimize damage
  • Examples: backups, security policy alerts, contacting law enforcement, fire extinguishers

E. Compensating Control Types

  • Temporary measures for controlling incidents
  • Examples: firewall rules, separation of duties, multiple security guards, power generators

F. Directive Control Types

  • Direct actions to secure data
  • Examples: file storage policies, compliance policies, security training, authorized personnel signs

Summary

  • Security controls are diverse and categorized into technical, managerial, operational, and physical
  • Various control types serve different purposes within these categories
  • Organizations may use different security controls based on their specific needs and evolving technologies

Full transcript