1.1

0.0(0)
studied byStudied by 0 people
GameKnowt Play
learnLearn
examPractice Test
spaced repetitionSpaced Repetition
heart puzzleMatch
flashcardsFlashcards
Card Sorting

1/9

encourage image

There's no tags or description

Looks like no tags are added yet.

Study Analytics
Name
Mastery
Learn
Test
Matching
Spaced

No study sessions yet.

10 Terms

1
New cards

Technical Controls

Technology based safeguards

Example: Firewall blocking malicious IP addresses or a antivirus detecting malware.

It keeps attackers from breaching a network.

2
New cards

Managerial Control (Administrative)

Policies, procedures and governance set by a management,

Example, An Acceptable Use Policy, or a risk assessment procedure performed quarterly.

IT ensures consistent company wide security direction.

3
New cards

Operational Controls

Day to day procedures and practices carried out by people.

It reduces human error and prepares staff for threats

Example: Security awareness training for employees, or incident response drills.

System Backups, Patch management, Risk Assessment, Configuration Management.

4
New cards

Physical Controls

  • Definition: Use physical tools or barriers to protect property and people from threats.

  • Example: Security guards check IDs at entrances.

  • Real-life Use: Office buildings hire guards and use access-controlled doors.

5
New cards

Preventive

Definition: Stop problems before they happen.

Example: Strong password requirements prevent unauthorized access.

Real-life Use: Encryption, Firewalls, AV Software, all have technologies to prevent unauthorized access. Encryption, scrambles info, Firewalls block specific traffic, and AV software, detect and remove viruses.

6
New cards

Deterrent

  • Definition: Dissuade attackers with warnings or visible protections.

  • Example: "No Trespassing" signs or warning banners.

  • Real-life Use: Banks place warning signs and visible cameras to discourage theft.

7
New cards

Detective

  • Definition: Detect issues or breaches after they occur.

  • Example: Alarm systems or log reviews signal suspicious activity.

  • Real-life Use: Retail stores have surveillance that alerts managers to shoplifting.

  • Log Monitoring, Security Aduits, CCTV’s, IDS, Vulnerability Scanning

8
New cards

Corrective

  • Definition: Fix and recover after a security incident.

  • Example: Restoring data from backups after a cyberattack.

  • Real-life Use: Companies use backup data to recover after ransomware events.

9
New cards

Compensating

  • Definition: Use alternative controls to satisfy requirements when standard controls aren’t possible.

  • Example: Extra monitoring when technical encryption is not feasible.

  • Real-life Use: Legacy systems may restrict access if encryption can’t be added.

  • Backup Power, MFA Application Sandboxing, Network Segmentation.

10
New cards

Directive

  • Definition: Guide user behavior with policies and instructions.

  • Example: Security awareness training programs.

  • Real-life Use: Hospitals teach staff to recognize and report suspicious emails.

  • Security Training, Incident Response Plans, Acceptable Use Policies

  • Can be classified as Managerial(administrative) as they provide guidance on user behavior.

Explore top notes

Explore top flashcards