Managerial Controls
Administrative controls associated with security design and implementation.
Example: Security policies and procedures
Operational Controls
Controls implemented by people instead of systems.
Example: Security guards and awareness training
Preventive Controls
Objective: Prevent security incidents from occurring.
Example: Firewalls, Access control mechanisms (e.g., passwords, biometrics), Intrusion prevention systems (IPS), Security policies and procedures
Physical Controls
Used to limit physical access.
Example: Badge readers, fences, bollards, etc.
Package Monitoring
(Vulnerability Management) Tracking software package versions and security patches to identify vulnerabilities
SDLC
Software Development Life Cycle: Structured process for developing software applications that ensures quality, meets user requirements, and delivers the software within time and cost estimates
Secure Enclave
A protected area for secret information, often implemented as a dedicated hardware processor within a device
Registration Authority (RA)
An entity that acts as an intermediary between users or entities and a Certificate Authority (CA) in a PKI environment
SCAP
The Security Content Automation Protocol is a method for using specific standards to enable automated vulnerability management, measurement, and policy compliance evaluation of systems deployed in an organization
MSA
Master Service Agreement: Blanket agreement covering general terms of engagement between parties across multiple transactions
Alerting
Provides real-time notifications of security incidents and potential threats.
Timely alerts enable security teams to respond promptly and implement mitigation measures
Audit Committee
Internal committee overseeing an organization's internal controls, financial reporting, and compliance processes
AUP
Acceptable Use Policy: Outlines rules and guidelines for appropriate use of an organization's information systems, network, and resources
Backout Plan
Predefined procedures to reverse changes made during planned activities
Bastion Host
Hardened server located on the perimeter network (also known as a DMZ or demilitarized zone) that provides a single point of entry for administrative access
BPA
Business Partnership Agreement: Agreement made when two entities pool resources for mutual effort
Capacity Planning
Capacity planning involves assessing the resources, including personnel, needed to maintain business operations during and after a disruption
Centralized Governance Structure
Decision-making authority and control concentrated at top management levels
Chain of Custody
Refers to the process of maintaining and documenting the handling of evidence, ensuring that it is preserved in a way that maintains its integrity for legal and investigative purposes
Change Advisory Board
A formal group within an organization responsible for evaluating, prioritizing, approving, and overseeing changes to IT infrastructure, systems, applications, and services
Compensating Controls
Security measures implemented to provide an alternative method of protecting assets when standard controls are not feasible.
Example: Temporary access restrictions, Alternative authentication mechanisms, Additional monitoring when primary controls are down
Containment
The isolation and containment process prevents malware from spreading and allows the administrator to analyze the operation of the malware without putting any other devices at risk
Corrective Controls
Objective: Correct and mitigate the impact of security incidents.
Example: Antivirus and anti-malware software, Backup and recovery procedures, Patch management systems, Incident response plans
CSR
A CSR (Certificate Signing Request) is a specially formatted encrypted message sent from a digital certificate applicant to a certificate authority (CA). The CSR validates the information the CA requires to issue a certificate
DAC
Discretionary Access Control: Allows the owner of a resource to determine access
Data Controller
Manages the purpose and means by which data is processed
Data Custodian
Responsible for data accuracy, privacy, security, and compliance (System admin)
Data Owner
Data owners are responsible for the classification, protection, use, and quality of one or more data sets
Data Processor
Works under the data controller to assist in tasks like collecting, storing, or analyzing data. Processes the data on behalf of the data controller
Data States
Data at rest, Data in transit, Data in use
Decentralized Governance Structure
Decision-making authority distributed among various levels and departments within the organization
Degaussing
Erasing data by exposing storage media to a strong magnetic field
Detective Controls
Objective: Detect and alert on security incidents as they occur.
Example: Intrusion detection systems (IDS), Security information and event management (SIEM) systems, Audit logs and monitoring, Surveillance cameras
Deterrent Controls
Objective: Discourage potential attackers from attempting to compromise a system.
Example: Warning signs, Security awareness training, Visible security measures (e.g., security guards, CCTV)
Directive Controls
Objective: Specify acceptable practices and expected behavior.
Example: Security policies and guidelines, Employee handbooks, Standard operating procedures (SOPs), Codes of conduct
Endpoint DLP
Installed on a user workstation or laptop with the goal of securing the data on that device
FIM
File Integrity Monitoring (FIM) tools monitor and detect changes to files and directories on systems.
They generate alerts or notifications when unauthorized changes occur
DRP
Disaster Recovery Plan: A documented strategy for restoring IT systems, data, and operations after a disruptive event
E-discovery
Essential component of incident response and primarily relates to the collection and handling of electronic data
EF
Exposure Factor: Proportion of an asset lost in an event measured as a percentage
Geographic Dispersion
Involves placing servers or data centers in different locations to reduce the risk of downtime and data loss due to localized weather events or disasters
Capability
Pertains to a threat actor's ability to devise new exploits and tools. It doesn't necessarily denote the intricacy of their methods
Security Controls
Detective, Compensating, Directive, Corrective
Security Zones
Network segments isolated based on required security levels
Serverless Framework
Serverless architectures allow developers to build and run applications without managing servers, often leading to cost savings as you only pay for the compute resources used during execution
SIEM
Security information and event management, SIEM for short, is a solution that helps organizations detect, analyze, and respond to security threats before they harm business operations
SLA
Service Level Agreement: Standard of service a client can expect from a provider
SLE
Single Loss Expectancy: Monetary value expected to be lost in a single event. Formula: SLE = Asset Value ($) × Exposure Factor (%)
Storage DLP
Installed on servers and storage systems, such as file servers, databases, and network-attached storage (NAS) devices to protect data at rest
Technical Controls
Implemented using technical systems.
Example: Operating system controls, firewalls, etc.
Threat Hunting
Involves proactively searching for signs of malicious activity within a network or system, especially when known indicators of compromise (IOCs) or tactics are not yet detected by automated systems like SIEM
Threat Scope Reduction
Decreasing the number of possible entry points into a network
Tuning
Refers to the process of adjusting alerting thresholds or rules in security systems to reduce false positives and ensure that only relevant alerts are triggered
Version Control
Tracks changes to files, systems, or configurations over time, enabling users to revert to previous states and manage modifications
Virtualization
Technology creating isolated environments on a single physical device for resource optimization and security