Technical Controls
Technical/logical controls are security controls put in place that are executed by technical systems. Technical controls include logical access control systems, security systems, encryption, and data classification solutions.
Managerial Controls
Managerial, or administrative, controls include business and organizational processes and procedures, such as security policies and procedures, personnel background checks, security awareness training, and formal change-management procedures.
Operational Controls
Operational controls encompass a range of procedures and actions carried out by personnel to enhance the security of individual and group systems. These controls include, but are not limited to, regular user training, implementation of fault tolerance measures, formulation of disaster recovery plans, and incident response coordination. Personnel responsible for these tasks must have the necessary technical skills and align their actions with the strategic security goals set by management.
Physical Controls
Physical controls are a category of security measures designed to prevent unauthorized physical access to an organization’s facilities and resources. They form a fundamental component of a layered defense strategy.
Preventive Controls
Preventive controls include security awareness, separation of duties, access control, security policies and intrusion prevention systems.
Deterrent Controls
Deterrent controls are intended to discourage individuals from intentionally violating information security policies or procedures. Examples of deterrent controls include warnings indicating that systems are being monitored.
Detective Controls
Detective controls warn that physical security measures are being violated. Detective controls attempt to identify unwanted events after they have occurred. Common technical detective controls include audit trails, intrusion detection systems, system monitoring, checksums and anti-malware.
Corrective Controls
Corrective controls are reactive and provide measures to lessen harmful effects or restore the system being impacted. Examples of corrective controls include operating system upgrades, data backup restores, vulnerability mitigation and anti-malware.
Compensating Controls
Compensating controls, also known as alternative controls, are intended to reduce the risk of an existing or potential control weakness. They include audit trails and transaction logs that someone in a higher position reviews.
Directive Controls
Directive controls are security controls that provide guidance and set expectations to influence behavior within an organization. These controls, which can take the form of policies, procedures, or guidelines, dictate what actions should be taken to ensure security, and they establish rules for how specific situations should be handled.