Security Controls 1.1

Question 1

Technical Controls

Answer 1

• Uses some form of technology to address a physical security issue.
• Operating system controls
• Firewall, anti-virus

Question 2

Operational Controls

Answer 2

• Controls implemented by people instead of systems.
• Relies more on people to set the controls which can include training of security guards or setting up of info posters.

Question 2

Managerial Controls

Answer 2

• Administrative controls associated with security design and implementation.
• Security policies which include standard operating procedures.

Question 3

Physical Controls

Answer 3

• Prevent specific human interaction with a system.
• Guard shack
• Fences, locks
• Badge readers

Question 4

Preventive Control Types - Preventive

Answer 4

• Block access to resource.

Question 5

Preventive Control Types - Prevent Access

Answer 5

• Firewall rules.
• Follow security policy.
• Guard shack checks all identification.
• Enable door locks.

Question 6

Preventative - Technical

Answer 6

Firewall, blocks access to a specific resource.

Question 7

Preventative - Managerial

Answer 7

On-boarding policy

Question 8

Preventative - Operational

Answer 8

Guard shack

Question 9

Deterrent Control Types

Answer 9

• Discourage an intrusion attempt.
• Does not directly prevent access.

Question 10

Preventative - Phyiscal

Answer 10

Door lock, preventing access to the a room.

Question 11

Deterrent Control Types - Technical

Answer 11

Splash screen

Question 12

Deterrent Control Types - Managerial

Answer 12

Demotion

Question 13

Deterrent Control Types - Operational

Answer 13

Reception Desk, requires a person to operate.

Question 14

Deterrent Control Types - Physical

Answer 14

Warning signs

Question 15

Detective Control Types

Answer 15

• Identify and log an intrusion attempt.
• May not prevent access.

Question 16

Detective Control Types - Technical

Answer 16

System logs

Question 17

Detective Control Types - Operational

Answer 17

Property patrols

Question 18

Detective Controls Types - Managerial

Answer 18

Review login reports

Question 19

Detective Control Types - Physical

Answer 19

Motion detectors

Question 20

Corrective Control Types

Answer 20

• Apply a control after an event has been detected.
• Reverse the impact of an event.
• Continue operating with minimal downtime.

Question 21

Corrective Control Types - Technical

Answer 21

Backup recovery

Question 22

Corrective Control Types - Managerial

Answer 22

Policies for reporting issues

Question 23

Corrective Control Types - Operational

Answer 23

Contact authorities

Question 24

Corrective Control Types - Physical

Answer 24

Fire extinguisher

Question 25

Compensating Control Types

Answer 25

• Control using other means.
• Existing controls aren’t sufficient.
• May be temporary.

Question 26

Compensating Control Types - Technical

Answer 26

Block instead of patch

Question 27

Compensating Control Types - Managerial

Answer 27

Separation of duties

Question 28

Compensating Control Types - Operational

Answer 28

Require multiple security staff.

Question 29

Compensating Control Types - Physical

Answer 29

Power generator

Question 30

Directive Control Types

Answer 30

• Direct a subject towards security compliance.
• A relatively weak security control.

Question 31

Directive Control Types - Technical

Answer 31

File storage policies

Question 32

Directive Control Types - Managerial

Answer 32

Compliance policies

Question 33

Directive Control Types - Operational

Answer 33

Security policy training

Question 34

Directive Control Types - Physical

Answer 34

Sign: Authorized personnel only.

Question 35

AIC Triad - Integrity

Answer 35

• Messages cannot be modified with detection availability.

Question 36

AIC - Availability

Answer 36

• Systems and networks must be up and running.