Security Controls

Question 1

Managerial

Answer 1

A category of security control that provides oversight of information systems. Examples could include risk identification or a tool allowing the evaluation and selection of other security controls.

Question 2

Operational

Answer 2

A category of security control that is implemented by people. For example, security guards and training programs are operational controls.

Question 3

Technical

Answer 3

A category of security control that is implemented as a system. For example, firewalls, antivirus software, and OS access control models are technical controls.

Question 4

Physical

Answer 4

A category of security control that is implemented by hardware used to deter or detect, such as as alarms, gateways, locks, lighting, and security cameras.

Question 5

Preventive

Answer 5

A type of security control that acts before an incident to eliminate or reduce the likelihood that an attack can succeed.

Question 6

Detective

Answer 6

A type of security control that acts during an incident to identify or record that it is happening.

Question 7

Corrective

Answer 7

A type of security control that acts after an incident to eliminate or minimize its impact.

Question 8

Directive

Answer 8

A type of control that enforces a rule of behavior through a policy or contract.

Question 9

Deterrent

Answer 9

A type of security control that discourages intrusion attempts.

Question 10

Compensating

Answer 10

A security measure that takes on risk mitigation when a primary control fails or cannot completely meet expectations.