2023 IT Examiner School
Internal Use Only
CIA Control Table - Confidentiality
Corrective | Detective | Preventative
• Data Loss Prevention Solution
• Security Policy • Security Awareness Training • HR/Employee Policy • Access Control Lists • Data Classification and Labeling • Access Control User Review • Guards • Fences • Mantraps • Locks • Paper Shredder • Physical Security Cameras • Authentication with Complex Passwords • Biometrics • Multi-Factor Authentication • Encryption
• Security Officer Description/Duties • Log Reviews • Automatic Notification Systems • Audits • Security Reviews
• Encryption for Data at Rest • Encryption for Data in Transit • Incident Response Policy (Evidence Retention/Forensics)
Administrative
• Premises Alarm Systems • Motion Detector • Fences • Mantraps • Security Guards
• Log Security and Retention • Access Control by Zones • Badges/Proximity Cards
Physical
• Intrusion Detection Systems (IDS) • Intrusion Prevention System (IPS) • Security Event Management (SIEM)
• Countermeasures • Log Forensics • Reboot/Restart • Patch Deployment
Technical
CIA Control Table - Integrity
Corrective | Detective | Preventative
• Incident Response Plan (IRP)/Procedures • IRP Testing Simulations • Security Review Policy • Security Procedures • Job Rotation
• Duty Segregation • Background Checks and Effective Hiring Practices • Controlled Off-Boarding • Change Management Policy
Administrative
• Control Totals • Checklists • Dual Controls
• Reconciliation • Control Total Verification
• Incident Response Team • Reject Re-Entry
Physical
• Digital Signatures • Patch Management • Anti-Malware Software • Firewalls
• IDS/IPS • Checksums • Hash Comparison
• Platform Restore • Data Integrity Verification and Testing • Operating System Updates
Technical