Technical Controls
Hardware or software systems specifically designed to monitor and control security, such as Network IDS or biometric security devices.
Managerial Controls
Controls that oversee information systems and aid in selecting and implementing other security controls, like risk identification tools.
Operational Controls
Human-centric controls focusing on procedures and responsibilities to maintain organizational security, such as cybersecurity training and password policies.
Physical Controls
Controls that manage access to premises and hardware, usually more expensive than technical controls; examples include building access control systems and security cameras.
Preventive Control
Controls that restrict unauthorized access physically or logically; examples include system passwords and physical door locks.
Deterrent Control
Controls that discourage attacks psychologically rather than physically preventing them, such as warning signs.
Detective Control
Controls that identify and record attempted or successful intrusions, like security camera systems.
Corrective Control
Controls that respond to and fix incidents, preventing their recurrence, such as antivirus software.
Compensating Controls
Using alternative means to address security events when current controls are insufficient.
Directive Control
Controls designed to guide and manage individual behavior within an organization, often through policies and guidelines.
Confidentiality
Ensures that data is accessible only to authorized personnel.
Integrity
Ensures that data remains unaltered during storage and transfer.
Availability
Guarantees that data is always accessible.
Non-repudiation
Ensures that neither party can deny the authenticity of the data.
Public Key Infrastructure (PKI)
Framework responsible for creating, distributing, managing, and storing digital certificates.
Hybrid Encryption
Combines the benefits of symmetric and asymmetric encryption.
Key Escrow
A third party holds the decryption key for convenient access in a large-scale organization.
Steganography
Embedding information within an unexpected source to disguise its true appearance.
Access Badge
Identification cards issued to authorized individuals, often with magnetic stripes or RFID technology.
Honeypot
A decoy system that mimics real systems to monitor attacker activity.
Digital Signature
A cryptographic mechanism that verifies the authenticity and integrity of a message.
Policy Enforcement Point
Enforces decisions about granting access to requested resources.
Standard Operating Procedure (SOP)
Defines routine operations or changes and provides detailed implementation instructions.
Approval Process
Formal procedure for evaluating and authorizing proposed changes before implementation.
Key Management System
System for managing cryptographic keys.
Wildcard Certificates
SSL/TLS certificates that can secure multiple subdomains under a single certificate.
Version Control
Method to track and manage changes in critical documents, configurations, and code.
Access Control Vestibule
A small enclosed space with interlocking doors regulating entry into secure areas.
Threat Scope Reduction
A process to minimize possible attack vectors and surfaces to reduce exposure.