IT Examiner School eBook
Control Types, Timing, and Layering
• Controls are categorized according to timing & nature • Importance of layered controls system • Strength of one control can compensate for weaknesses in or failure of another control
CIA Control Table - Confidentiality Corrective Detective Preventative • Data Loss Prevention Solution
• Security Policy • Security Awareness Training • HR/Employee Policy • Access Control Lists • Data Classification and Labeling • Access Control User Review • Guards • Fences • Mantraps • Locks • Paper Shredder • Physical Security Cameras • Authentication with Complex Passwords • Biometrics • Multi-Factor Authentication • Encryption
• Security Officer Description/Duties • Log Reviews • Automatic Notification Systems • Audits • Security Reviews
• Encryption for Data at Rest • Encryption for Data in Transit • Incident Response Policy (Evidence Retention/Forensics)
Administrative
• Premises Alarm Systems • Motion Detector • Fences • Mantraps • Security Guards
• Log Security and Retention • Access Control by Zones • Badges/Proximity Cards
Physical
• Intrusion Detection Systems (IDS) • Intrusion Prevention System (IPS) • Security Event Management (SEIM)
• Countermeasures • Log Forensics • Reboot/Restart • Patch Deployment
Technical
Made with FlippingBook - Online magazine maker