These flashcards cover key concepts related to the types and functions of security controls, their categories, and their roles in information security.
A __ control is designed to give a system or data asset the properties of confidentiality, integrity, availability, and non-repudiation.
Security
Controls can be divided into four broad categories: Managerial, Operational, Technical, and __.
Physical
The __ control gives oversight of the information system and includes risk assessment and security policies.
Managerial
Operational controls are primarily implemented by __.
people
__ controls run on hardware or software and operate without much intervention once configured.
Technical
Physical controls prevent, deter, and detect access to sites and hardware. Examples include alarms, gateways, and __.
security cameras
Preventive controls operate before an __ can take place.
attack
A __ control operates during an attack to identify or log signs of intrusion.
detective
Corrective controls are used after an attack to reduce or eliminate the impact of a security policy violation and can include a __ system.
backup
A directive control enforces a rule of behavior, such as a policy or __.
best practice standard
Deterrent controls discourage an attacker from attempting an intrusion by using measures such as signage and __.
legal penalties
A compensating control is a substitute for a primary control that cannot be implemented as such, and affords the same level of __.
protection