Tuesday, September 2, 2014

Chapter 2: IS Governance and Risk Management - Controls

There are three major control types: administrative, technical, and physical. Administrative controls (a.k.a. soft controls) are mostly management oriented. Common examples include security documentation, risk management, and training. Technical controls usually have to do with software and hardware. My two favorite examples of these types of controls are encryption and firewalls because I am familiar with both of these. Physical controls are exactly what they sound like. Security guards, cameras, locks, and high fences with barbed wire are examples of this last type of control.

The 6 control functionalities are as follows (most are self-explanatory):
-Deterrent
-Preventative
-Corrective
-Recovery
-Detective
-Compensating -- An alternative control that provides protection similar to that of the original control

It is important for all controls to work together. If they do not do so effectively, or if they contradict each other, security gaps will be prevalent.
