Technical Controls
Technical controls → safeguards implemented using technology such as firewalls, intrusion detection systems, antivirus software, encryption, and multifactor authentication.
Managerial Controls
Managerial controls → administrative safeguards focused on policies, procedures, risk management, and security governance such as security policies and risk assessments.
Operational Controls
Operational controls → safeguards implemented through people and processes including security training, incident response procedures, and change management.
Physical Controls
Physical controls → safeguards that protect physical assets such as locks, fences, security guards, cameras, and access control systems.
Preventive Control Types
Preventive control types → controls that stop security incidents before they occur, including technical firewalls, managerial security policies, operational training, and physical locks.
Deterrent Control Type
Deterrent control type → controls that discourage attacks such as warning banners, visible cameras, security guards, and posted policies.
Detective Control Type
Detective control type → controls that identify incidents after they occur including intrusion detection systems, log monitoring, audits, and security cameras.
Corrective Control Type
Corrective control type → controls that reduce the impact of incidents such as system patching, restoring backups, updating firewall rules, and account resets.
Compensating Control Type
Compensating control type → alternative controls used when primary controls are not feasible, such as increased monitoring when encryption cannot be implemented.
Directive Control Type
Directive control type → controls that guide behavior such as security policies, procedures, standards, and acceptable use policies.
-
Security Controls10
-
The CIA Triad & Non-Repudiation8
-
AAA & Gap Analysis10
-
Zero Trust12
-
Physical Security8
-
Deception & Disruption4
-
Change Management9
-
Technical Change Management9
-
Public Key Infrastructure & Encrypting Data24
-
Key Exchange & Encyption Technology10
-
Obfuscation8
-
Hashing & Digital Signatures9
-
Digital Certificates12
-
Threat Actors8
-
Common Threat Vectors12
-
Common Social Engineering Attacks9
-
Application & Memory-Based Attacks9
-
SQL Injections & Cross-site Scripting6
-
Operating System & Hardware Vulnerabilities7
-
Virtualization & Cloud-specific Vulnerabilities10
-
Supply Chain & Misconfiguration Vulnerabilities10
-
Mobile Device & Zero-day Vulnerabilities7
-
An Overview of Malware14
-
Viruses, Worms, Spyware & Bloatware10
-
Other Malware Types & Physical Attacks9
-
Denial of Service & DNS Attacks10
-
Wireless & On-Path Attacks:6
-
Replay Attacks & Malicious Code9
-
Cryptographic & Password Attacks8
-
Indicators of Compromise10
-
Segmentation, Access Control & Mitigation Techniques10
-
Hardening Techniques10
-
Cloud Infrastructures9
-
Network Infrastructure Concepts14
-
Infrastructure Considerations15
-
Intrusion Prevention7
-
Network Appliances & Port Security16
-
Firewall Types & Secure Communication11
-
Data Types & Classifications12
-
States of Data & Protecting Data14
-
Resiliency9
-
Capacity Planning, Backups & Recovery Testing9
-
Infrastructure Hardening & Secure Deployment11
-
Wireless Security Settings11
-
Application Security7
-
Asset Management, Vulnerability Scanning & Threat Intelligence14
-
Penetration Testing & Analyzing Vulnerabilities14
-
Vulnerability Remediation & Security Monitoring10
-
Security Tools10
-
Secure Protocols, OS & Email Security15
-
Monitoring Data & Endpoint Security13
-
Identity & Access Management8
-
Access Controls10
-
Incident Response & Planning10
-
Digital Forensics & Log Data17
-
Security Policies, Standards, Procedures & Considerations12
-
Data Roles, Risk Analysis & Management Strategies14
-
Business Impact Analysis & Agreement Types15
-
Compliance, Privacy, Audits & Assessments11
-
Penetration Testing, Security Awareness & User Training10
