Scribd
Upload
46 views

Module 4 Types of Security Control

The document discusses different types of information security controls, including administrative, physical, and technical controls. Administrative controls involve security policies, user management, and training. Physical controls prevent unauthorized access through surveillance cameras, identity cards, and alarms. Technical controls manage network access through firewalls, authentication, and encryption. The functions of security controls are also outlined, such as being directive, preventive, detective, corrective, and focused on recovery.

Uploaded by

lebrondurant2311
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
46 views

Module 4 Types of Security Control

The document discusses different types of information security controls, including administrative, physical, and technical controls. Administrative controls involve security policies, user management, and training. Physical controls prevent unauthorized access through surveillance cameras, identity cards, and alarms. Technical controls manage network access through firewalls, authentication, and encryption. The functions of security controls are also outlined, such as being directive, preventive, detective, corrective, and focused on recovery.

Uploaded by

lebrondurant2311
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 20

Types of Information Security

Controls

BERNADETH B. LIGGAYU
Information security controls are safeguards and
countermeasures designed to strengthen the
integrity, confidentiality, and availability of an
organization’s IT assets.
Administrative Control
Administrative Control is a set of security rules,
policies, procedures, or guidelines specified by
the management to control access and usage
of confidential information. It includes all the
levels of employees in the organization and
determines the privileged access to the
resources to access data.

✓ User Management
✓ Privilege Management
✓ Employee Security, Clearance, and
Evaluation
✓ Employee training and awareness, etc.
Physical Control
Physical Control is a set of security controls
implemented physically to prevent unauthorized
access to the data and security risks. Some
examples of physical controls are:

✓Surveillance cameras
✓Biometrics
✓Identity
Cards
✓Alarm systems, etc.
Technical Control
Technical Control is to control the access of confidential
information over the network using technology. Technical
functions are involved in managing and controlling the
access of the employee. Some examples of technical
controls are:

✓Access controls
✓Firewalls
✓Network Authentication
✓Encryption, etc.
Team Eyyy -

Team Biii-

Team Ciiii –

Team Diiiii-

Team Eiiiiii
Your final performance(score) will be added to your next
quiz.
1. Which of the following is NOT a preventive
security control?
A. Multi-factor authentication
B. User education and awareness training.
C. Regular vulnerability scanning and patching
D. Incident response plan
Which of the following is NOT a preventive security control?

A. Multi-factor authentication (Correct) - This is a detective control, as it


identifies and verifies users before granting access.

B. User education and awareness training (Correct) - This prevents


incidents by educating users about security risks and best practices.

C. Regular vulnerability scanning and patching (Correct) - This prevents


incidents by identifying and fixing vulnerabilities before they can be
exploited.

D. Incident response plan (Incorrect) - This is a corrective control, as it


helps minimize damage after an incident occurs.
2. The primary objective of detective security
controls is to:
A. Prevent security incidents from happening
B. Identify and report security incidents
C. Minimize the damage caused by security incidents
D. Define acceptable use of information
The primary objective of detective security controls is
to:

A. Prevent security incidents from happening (Incorrect) - This is the


goal of preventive controls.
B. Identify and report security incidents (Correct) - Detective controls
monitor systems and data for suspicious activity.
C. Minimize the damage caused by security incidents (Incorrect) - This
is the goal of corrective controls.
D. Define acceptable use of information systems (Incorrect) - This is
the goal of administrative controls.
3. Which of the following is an example of a
physical security control?
A. Data encryption
B. Password complexity requirements
C. Security cameras and access control
systems
D. Firewalls and intrusion detection systems
3. Which of the following is an example of a
physical security control?

A. Data encryption (Incorrect) - This is a technical control.


B. Password complexity requirements (Incorrect) - This is an administrative
control.
C. Security cameras and access control systems (Correct) - These
physically restrict access to sensitive areas.
D. Firewalls and intrusion detection systems (Incorrect) - These are technical
controls.
4. Administrative security controls typically include:
A. Software updates and vulnerability patching
B. Encryption algorithms and key management
practices.
C. Security policies, procedures, and guidelines
D. Intrusion detection systems and network
monitoring tools
4. Administrative security controls typically include:
A. Software updates and vulnerability patching
(Incorrect) - This is a technical control.
B. Encryption algorithms and key management practices
(Incorrect) - This is a technical control.
C. Security policies, procedures, and guidelines
(Correct) - These define acceptable behavior and access
rules.
D. Intrusion detection systems and network monitoring
tools (Incorrect) - These are technical controls.
Functions of Security controls

When a security control is


implemented, the function of the
control is broadly specified into
seven categories:
1. Directive Controls
Directive Controls are the mandatory controls that
are implemented to monitor the regulations. It
provides guidance primarily aligned with the
organizations required to follow, like policies,regulations,
etc.
2. Deterrent Controls
Deterrent Controls are deployed to discourage the
violation of a security function, and it helps to reduce
the chances of a deliberate attack. Deterrent
Controls help to make intelligent decisions and deter
the way that is not secure to use.
3. Preventive Controls
Preventive Controls are used to prevent or avoid
security incidents in the organization. It helps to
mitigate unauthorized activities by indulging
preventive methods in the organization.
4. Compensating Controls
Compensating Controls are the alternative methods
that support the requirement of actual security control
implemented. The role of the compensating Control is
to provide a similar level of assurance even if the
attacker has compromised the actual security control.
5. Detective Controls
Detective controls are used to detect and alert
unauthorized or unwanted activities within the
organization. It helps to detect and react to security
violations using tools, processes, and best
practices.
6. Corrective Controls
Corrective Controls are used to remediate or
mitigate the effect of a security incident. It includes
measures to mitigate and prevent the same
security incident from recurrence.
7. Recovery Controls
Recovery Controls are deployed to recover and
restore the operating system to normal condition
after the security incident.
References:
Infosec Train. (2023, March 10). Types of security controls - InfosecTrain. InfosecTrain.
https://www.infosectrain.com/blog/types-of-security-controls/

You might also like