Back to notes
Why might an organization implement deterrent controls and what is one example?
Press to flip
To discourage potential attackers, such as using splash screens with security information.
What is the primary purpose of IT security controls?
To prevent, minimize, and limit damage from security events by protecting data, systems, buildings, people, and organizational assets.
What is a distinctive characteristic of operational controls?
Operational controls are managed by people rather than technology.
Can you name four categories of security controls and provide one example for each?
1. Technical Controls - Firewalls 2. Managerial Controls - Security policies 3. Operational Controls - Security guards 4. Physical Controls - Badge readers
Identify one type of technical control used for prevention and its purpose.
Firewall rules; they limit unauthorized access to networks and systems.
In what way can directive controls enhance security? Give an example.
Directive controls instruct and guide behavior to improve security, such as compliance policies outlining necessary actions.
What is the significance of separating managerial controls into different control types?
Different control types help specific management processes tailored to strategic, operational, and compliance needs ensuring comprehensive security.
How do detective controls function differently from corrective controls?
Detective controls identify and log breaches, like system logs, while corrective controls remedy breaches, such as restoring from backups.
Explain how managerial controls can support operational controls with an example.
Managerial controls, like security policies, provide the framework for operational controls, such as monthly security training and awareness programs.
List two physical controls and explain how they protect organizational assets.
Locks can prevent unauthorized physical access to secure areas, while guard shacks provide controlled entry points.
How might compensating controls be implemented during a power outage?
The use of generators as a backup to maintain power supply until regular systems are restored.
Describe a scenario where corrective controls are necessary and name a possible corrective control.
After a data breach, a corrective control like restoring data from backups is necessary to recover lost information.
What are compensating controls? Provide an example.
Temporary solutions after a security event, such as using firewall rules for unpatched vulnerabilities.
What role do system logs play in technical detective controls?
System logs help in identifying and recording unauthorized access or anomalies, providing data for analysis and response.
Differentiate between preventive and deterrent controls with examples.
Preventive controls aim to limit access, like door locks, while deterrent controls discourage breaches, like warning signs.
Previous
Next