Security Control Categories

Wednesday, October 9, 2024

Security Control Categories

Security controls are designed to protect a system or data asset by ensuring its confidentiality, integrity, availability, and non-repudiation; these controls can be categorized as managerial, operational, technical, and physical, depending on how they are implemented, with examples including risk assessments (managerial), security guard patrols (operational), firewalls (technical), and security cameras (physical).

Key points:

Confidentiality: Limiting access to information to authorized users only.

Integrity: Ensuring data is accurate and not tampered with.

Availability: Guaranteeing that information is accessible to authorized users when needed.

Non-repudiation: Preventing a user from denying their actions on a system.

Control categories:

Managerial:

Policies, procedures, risk assessments, and oversight functions performed by management.

Operational:

Actions taken by users and system administrators, like security awareness training and access control procedures.

Technical:

Hardware and software mechanisms like firewalls, encryption, and access control systems.

Physical:

Physical security measures like locks, alarms, security cameras, mantraps, access control vestibule, turnstiles, and site access controls.

Example controls in each category:

Managerial: Security policy document, risk management process, vendor assessment

Operational: User access reviews, password management procedures, incident response plan

Technical: Intrusion detection system, antivirus, port security, 802.1x, least privilege using group policy, data encryption, antivirus software

Physical: Building access control system, security cameras, data center environmental controls

CompTIA Exam Prep - ITF+, A+, Network+, Security+, CySA+

CompTIA Security+ Exam Notes

Wednesday, October 9, 2024

Security Control Categories

Security Control Categories

No comments:

Post a Comment