Filip Maertens - founder of Securax
Cybersecurity controls are the countermeasures that companies implement to detect, prevent, reduce, or counteract security risks. They are the measures that a business deploys to manage threats targeting computer systems and networks. The controls keep on changing to adapt to an evolving cyber environment. Given the growing rate of cyberattacks, data security controls are more important today than ever.
Once an organization defines control objectives, it can assess the risk to individual assets and then choose the most appropriate security controls to put in place. One of the easiest and most straightforward models for classifying controls is by type: physical, technical, or administrative, and by function: preventative, detective, and corrective.
Tähän tulee Flashcards Grid -komponentti, jonka tiedot alla
Physical Controls Describes anything tangible that's used to prevent or detect unauthorized access to physical areas, systems, or assets
Technical Controls Include hardware or software mechanisms used to protect assets
Administrative controls Refers to policies, procedures, or guidelines that define personnel or business practices in accordance with the organization's security goals.
There are several functions of security controls such as preventive, detective, and corrective controls.
Tässä kohtaa Table, jonka tiedot alla Source Control Types:
Physical: Fences, gates, locks
Technical: Firewall, IPS, MFA, antivirus
Administrative: Hiring and termination policies, separation of duties, data classification
Physical: CCTV and surveillance camera logs
Technical: Intrusion detection systems, honeypots
Administrative: Review access rights, audit logs, and unauthorized changes
Physical: Repair physical damage, re-issue access cards
Technical: Patch a system, terminate a process, reboot a system, quarantine a virus
Administrative: Implement a business continuity plan or incident response plan