Security Controls - CompTIA Security+ SY0-701 - 1.1
Understanding Security Controls
Overview of Security Risks
- The importance of preparing for various security risks in IT, as attackers seek different methods to access systems.
- Emphasizes that protection extends beyond data to include physical systems, buildings, and people within an organization.
Categories of Security Controls
- Introduction to broad categories of security controls: technical, managerial, operational, and physical.
Technical Controls
- Defined as controls implemented through technical systems like operating system policies, firewalls, and antivirus software.
Managerial Controls
- Involves creating policies and procedures for managing computers and data; often included in official security policy documentation.
Operational Controls
- Focuses on human elements such as security guards or awareness programs that help enforce best practices in IT security.
Physical Controls
- Designed to limit physical access to facilities or devices using measures like guard shacks, fences, locks, or badge readers.
Types of Control Mechanisms
Preventive Control Types
- Aimed at limiting access to resources; examples include firewall rules and guard checks at facility entrances.
Deterrent Control Types
- While not preventing access outright, they discourage attacks; examples include splash screens with security warnings or reception desks monitoring entry.
Detective Control Types
Corrective Security Controls
- Corrective security controls are implemented after a security breach is detected, aiming to reverse the impact of the event.
- These controls can help maintain business operations with minimal downtime, such as erasing ransomware-infected data and restoring from backups.
- Policies should be established for reporting unusual activities, which may include contacting law enforcement in case of physical breaches.
- Physical measures like fire extinguishers are also considered corrective actions to prevent further damage during incidents.
Categories of Security Controls
- Different types of corrective actions fall into four categories: technical (recovering from backups), managerial (reporting policies), operational (contacting authorities), and physical (fire safety equipment).
Compensating Controls
- In situations where reversing an incident isn't possible, compensating controls provide alternative means to manage security events temporarily.
- For example, adding a firewall rule to block access to a vulnerable service while waiting for a software patch compensates for a vulnerability that cannot be fixed immediately.
- Separation of duties among staff limits what any single person can access and reduces the associated security risk.
- Having backup power sources like generators ensures continuity during outages, fitting into the physical category of compensating controls.
Directive Controls
- Directive controls guide users towards secure practices but rely on their compliance; they are generally weaker than other control types.
- Examples include requiring sensitive information to be stored in encrypted folders or signage indicating restricted access areas.
Summary of Control Types
- File storage policies represent technical directive controls; compliance policies fit into managerial categories; training sessions align with operational directives; and signs indicating restricted access belong to the physical category.