Control Objectives 2 Flashcards
Directive controls
Directive controls are proactive actions taken to cause or encourage a desirable event and outcome to occur. They are broad in nature and are used to increase the effectiveness of other controls. Examples: frameworks, models, policies, guidance statements.
Control category - operational
Operational controls are aligned with a process and are primarily implemented and executed by people (change management, testing, training)
Control classification - corrective
Corrective controls minimize the impact of a threat agent or modify or fix a situation
Control category - technical
Technical control mechanisms are implemented using hardware, software and/or firmware components and can be native or supplementary (firewalls, cryptography, 2FA)
Control classification - preventive
Preventive controls stop a threat agent from being successful
Layered security
Layered security (defense-in-depth) is the design and implementation of multiple overlapping layers of diverse controls
Control category - managerial
Managerial controls relate to risk management, governance, oversight, strategic alignment and decision making
Control category - physical
Physical controls are designed to address physical interactions. Generally related to buildings and equipment
Control classification - deterrent
Deterrent controls discourage a threat agent from acting
Control classification - detective
Detective controls identify and report a threat agent or a threat action
Compensating controls
Compensating controls are implemented in lieu of a recommended control and provide equivalent or comparable protection; they can be supplemental, short-term or temporary