Prof Messer CompTIA SY0-701 Security+ 1.1
Studied by 0 people
Learn
Practice Test
Spaced Repetition
Match
Flashcards1/12
There's no tags or description
Looks like no tags are added yet.
Name | Mastery | Learn | Test | Matching | Spaced |
|---|
No study sessions yet.
13 Terms
control categories
technical controls
managerial controls
operational controls
physical controls
technical controls
controls implemented using systems/tech
OS controls
firewalls, antivirus, etc
managerial controls
administrative controls associated with security design and implementation
security policies, standard operating procedures, etc
operational controls
controls implemented by people
security guards, etc
physical controls
limit physical access
fences, locks, badge readers, etc
control types
preventive
deterrent
detective
corrective
compensating
directive
preventive control types
block access to a resource
ex: firewall rules, door locks, guards checking ID, etc
deterrent control types
discourage intrusion
threat of demotion, posted warning signs, application splash screens, etc
detective control types
identify and log an intrusion attempt
find issue
- collect and review system logs
- review login reports
- regularly patrol property
- motion detectors
corrective control types
apply a control after event has been detected
reverse impact of event
continue operating with minimal downtime
ex: restoring from backups to mitigate an infection, create policies for reporting security issues, use fire extinguisher
compensating control types
control using other means; current controls arent enough
prevent the exploitation of a weakness
ex:
firewalls block an application while devs work on a patch, generator used after power outage
directive control types
direct a subject towards a security compliance
relatively weak security control
"do this please"
ex: store all sensitive files in a protected folder, post a sign saying "authorized personnel only" etc
control categories and types
