1.1 – Security Controls

Question 1

Controls implemented using some type of technical system

Answer 1

Technical

antivirus, firewalls, encryption, IDS

Question 2

Administrative controls associated with security design and implementation

Answer 2

Managerial

security policies, standard operating procedures, risk assessments, training programs, incident response plans

Question 3

Controls implemented by people instead of systems

Answer 3

Operational

security guards, awareness programs, backup procedures, account reviews, password reset policy

Question 4

Controls that limit physical access to buildings, rooms and devices

Answer 4

Physical

cameras, badge readers, fences, security guards, locks

Question 5

Proactive measures implemented to thwart potential security threats or breaches

fortify

Answer 5

Preventative

aim to fortify systems before an incident occurs

Question 6

Discourage attackers by making the effort seem less appealing or more challenging

deter

Answer 6

Deterrent

aim to deter attackers from attacking your systems

Question 7

Monitor and alert to malicious activities as they occur or shortly thereafter

watch

Answer 7

Detective

aim to detect and notify

Question 8

Mitigate any potential damage and restore systems to their normal state

correct

Answer 8

Corrective

aim to apply a control after an event has been detected

Question 9

Alternative measures that are implemented when primary security controls are not feasible or effective

alternate

Answer 9

Compensating

aim to ensure protection is in tack even if ideal controls are not

Question 10

Direct someone to do something more secure rather than less secure

direct

Answer 10

Directive

aim to guide, inform or mandate actions

Question 11

Control Type Example:
Preventative

Answer 11

• Technical: Firewall rules
• Managerial: On-boarding policy
• Operational: Guard Shack
• Physical: Door Lock

Question 12

Control Type Example:
Deterrent

Answer 12

• Technical: Application splash screen
• Managerial: Threat of dismissal
• Operational: Front Reception Desk
• Physical: Posted warning signs

Question 13

Control Type Example:
Detective

Answer 13

• Technical: Collect/Review system logs
• Managerial: Review login reports
• Operational: Patrol the property
• Physical: Motion Detectors

Question 14

Control Type Example:
Corrective

Answer 14

• Technical: Backup recovery
• Managerial: Reporting issue policy
• Operational: Contact authorities
• Physical: Fire extinguisher

Question 15

Control Type Example:
Compensating

Answer 15

• Technical: Block instead of patch
• Managerial: Separation of duties
• Operational: Multiple security staff
• Physical: Power generator

Question 16

Control Type Example:
Directive

Answer 16

• Technical: File storage policies
• Managerial: Compliance policies
• Operational: Security policy training
• Physical: Sign: Authorised personnel Only