IT Examiner School

CIA Control Table - Confidentiality Preventative Detective Corrective

• Security Policy • Security Awareness Training • HR/Employee Policy • Access Control Lists • Data Classification and Labeling • Access Control User Review • Guards • Fences • Mantraps • Locks • Paper Shredder • Physical Security Cameras • Authentication with Complex Passwords • Biometrics • Multi-Factor Authentication • Encryption

• Security Officer Description/Duties • Log Reviews • Automatic Notification Systems • Audits • Security Reviews

• Data Loss Prevention Solution • Encryption for Data at Rest • Encryption for Data in Transit • Incident Response Policy (Evidence Retention/Forensics)

Administrative

• Premises Alarm Systems • Motion Detector • Fences • Mantraps • Security Guards

• Log Security and Retention • Access Control by Zones • Badges/Proximity Cards

Physical

• Intrusion Detection Systems (IDS) • Intrusion Prevention System (IPS) • Security Event Management (SEIM)

• Countermeasures • Log Forensics • Reboot/Restart • Patch Deployment

Technical

CIA Control Table - Integrity Preventative Detective Corrective

• Duty Segregation • Background Checks and Effective Hiring Practices • Controlled Off-Boarding • Change Management Policy

• Security Review Policy • Security Procedures • Job Rotation

• Incident Response Plan (IRP)/Procedures • IRP Testing Simulations

Administrative

• Control Totals • Checklists • Dual Controls

• Reconciliation • Control Total Verification

• Incident Response Team • Reject Re-Entry

Physical

• Digital Signatures • Patch Management • Anti-Malware Software • Firewalls

• IDS/IPS • Checksums • Hash Comparison

• Platform Restore • Data Integrity Verification and Testing • Operating System Updates

Technical