OB 1.1 SEC CONTROLS

0.0(0)
studied byStudied by 0 people
learnLearn
examPractice Test
spaced repetitionSpaced Repetition
heart puzzleMatch
flashcardsFlashcards
Card Sorting

1/23

encourage image

There's no tags or description

Looks like no tags are added yet.

Study Analytics
Name
Mastery
Learn
Test
Matching
Spaced

No study sessions yet.

24 Terms

1
New cards

Technical security controls,

known as

logical security controls, are mechanisms

implemented in hardware, software, or

firmware that automate the process of

preventing, detecting, and responding to

security threats.

2
New cards

Managerial security controls

administrative controls, are the policies,

procedures, and guidelines that govern the

behavior of people within an organization

and the operation of the IT systems

3
New cards

what do tech security controls include

◦ Access Control Mechanisms

◦ Firewalls

◦ Intrusion Detection Systems (IDS) and

Intrusion Prevention Systems (IPS)

◦ Encryption

◦ Antivirus and Antimalware Software

◦ Virtual Private Networks (VPN)

4
New cards

what do Managerial security controls include

◦ Security Policies and Procedures

◦ Risk Management

◦ Incident Response and Recovery Plans

◦ Business Continuity and Disaster Recovery

Planning

5
New cards

Operational security controls

daily methods and procedures that are

implemented by an organization to ensure

and maintain the security of its information

and assets. Done by people in the organization.

6
New cards

what do

Operational security controls include

◦ Security Awareness Training

◦ Physical media protection

7
New cards

Physical security controls

protect

hardware and facilities that house the

systems, networks, and data.

These controls are designed to prevent

unauthorized access, damage, and

interference to the organization's physical

resources.

8
New cards

what do Physical security controls include

◦ Lighting

◦ Signs

◦ fences

◦ Security guards

◦ Cameras

9
New cards

Preventive controls

Attempts to stop a security incident from

occurring.

10
New cards

what do Preventive controls include

IPS, firewalls, encryption, access controls

11
New cards

Detective controls

Attempts to detect events that resulted in a

security incident

12
New cards

Corrective controls

Attempts to remediate an incident that has

occurred.

13
New cards

what do detective controls include

IDS, SIEM, video surveillance, motion

detection

14
New cards

what do corrective controls include

UPS, restoring backups, incident

response procedures

15
New cards

Deterrent controls

Attempts to discourage a threat

16
New cards

Directive controls

Provides directions on how to systems.

17
New cards

Compensating controls

Provides alternate controls when the primary

control may not be sufficient

18
New cards

what do

Deterrent controls include

Guard dogs, Cameras, barbed wire

19
New cards

what do

directive controls include

Polices, Procedures

20
New cards

what do Compensating controls include

Segregation of duties

21
New cards

Defense in Depth

information assurance concept

where multiple layers of security controls

(defensive mechanisms) are placed

throughout an information technology (IT)

system.

Utilizing multiple controls in a layered

manner to protect information.

22
New cards
23
New cards
24
New cards