IT Examiner School eBook

Control Types, Timing, and Layering

• Controls are categorized according to timing & nature • Importance of layered controls system • Strength of one control can compensate for weaknesses in or failure of another control

CIA Control Table - Confidentiality Corrective Detective Preventative • Data Loss Prevention Solution

• Security Policy • Security Awareness Training • HR/Employee Policy • Access Control Lists • Data Classification and Labeling • Access Control User Review • Guards • Fences • Mantraps • Locks • Paper Shredder • Physical Security Cameras • Authentication with Complex Passwords • Biometrics • Multi-Factor Authentication • Encryption

• Security Officer Description/Duties • Log Reviews • Automatic Notification Systems • Audits • Security Reviews

• Encryption for Data at Rest • Encryption for Data in Transit • Incident Response Policy (Evidence Retention/Forensics)

Administrative

• Premises Alarm Systems • Motion Detector • Fences • Mantraps • Security Guards

• Log Security and Retention • Access Control by Zones • Badges/Proximity Cards

Physical

• Intrusion Detection Systems (IDS) • Intrusion Prevention System (IPS) • Security Event Management (SEIM)

• Countermeasures • Log Forensics • Reboot/Restart • Patch Deployment

Technical

Made with FlippingBook - Online magazine maker