Uploaded by Ayman D.

Security Controls: Categories and Types Study Notes

Study Notes on Security Controls
Overview of Security Controls
In IT security, various security risks must be addressed to protect not only data but also
physical systems, buildings, and people. Different security controls are implemented to
prevent unauthorized access and minimize the impact of potential security breaches.
Categories of Security Controls
Security controls can be broadly grouped into four main categories:
1. Technical Controls
Implemented through technology, such as firewalls and antivirus software.
Example: Setting policies within an operating system to manage functions.
2. Managerial Controls
Involve policies and procedures to guide user behavior.
Example: Creating official security policy documentation.
3. Operational Controls
Utilize personnel to enforce security measures.
Example: Security guards, awareness programs, and training sessions.
4. Physical Controls
Limit physical access to facilities and devices.
Example: Guard shacks, locks, and badge readers.
Types of Security Control Mechanisms
Security controls can also be classified based on their function:
Preventive Controls: Aim to prevent unauthorized access.
Example: Firewall rules.
Deterrent Controls: Discourage potential attackers.
Example: Warning signs about consequences for unauthorized access.
Detective Controls: Identify and warn about breaches.
Example: Reviewing system logs and patrolling the property.
Corrective Controls: Address issues after a breach has occurred.
Example: Restoring systems from backups after a ransomware attack.
Compensating Controls: Provide alternative measures when primary controls are
insufficient.
Example: Using a generator during a power outage.
Directive Controls: Guide user behavior towards secure practices.
Example: Compliance policies and training sessions.
Summary
Understanding the different categories and types of security controls is essential for
effective IT security management. Each control plays a vital role in protecting an
organization from various security threats, ensuring both data integrity and physical
safety. By implementing a combination of these controls, organizations can create a
robust security framework to mitigate risks and respond effectively to incidents.