Exam Objectives 1.1
Compare and contrast various types of security controls.
- Categories of security controls:
- Technical controls: Technology-based measures such as firewalls and encryption
- Managerial controls: Policies, procedures, and guidelines for security management
- Operational controls: Day-to-day security practices such as monitoring and access management
- Physical controls: Measures to safeguard physical assets and premises
- Types of security controls:
- Preventive controls: Aimed at preventing security incidents
- Deterrent controls: Intended to discourage potential attackers
- Detective controls: Focused on identifying and detecting security incidents
- Corrective controls: Implemented after an incident to mitigate the impact
- Compensating controls: Alternative measures to compensate for inadequate primary controls
- Directive controls: Policies or regulations providing specific guidance