What are the categories of security control

0 votes
I’m learning about security controls and have encountered terms like technical, administrative, and physical controls. Can someone break down these categories and provide examples of each? I’d also like to understand how these categories align with preventive, detective, and corrective controls.
Jan 6 in Cyber Security & Ethical Hacking by Anupam
• 9,050 points
42 views

1 answer to this question.

0 votes

Security controls are essential measures implemented to protect information assets by mitigating risks and safeguarding against threats. These controls are commonly categorized into three primary types:

  1. Administrative Controls

    • Definition: Policies, procedures, and guidelines that define personnel or business practices in accordance with the organization's security goals.
    • Examples:
      • Security Policies: Formalized statements that dictate acceptable use of organizational resources.
      • Employee Training: Programs designed to educate staff about security best practices and protocols.
      • Incident Response Plans: Established procedures for addressing security breaches or incidents.
  2. Technical Controls

    • Definition: Security measures implemented through technology to protect information systems.
    • Examples:
      • Firewalls: Systems that monitor and control incoming and outgoing network traffic based on predetermined security rules.
      • Encryption: Techniques that encode data to prevent unauthorized access.
      • Access Controls: Mechanisms that restrict access to systems and data to authorized users.
  3. Physical Controls

    • Definition: Measures designed to prevent physical access to IT systems and infrastructure.
    • Examples:
      • Security Guards: Personnel responsible for monitoring and protecting facilities.
      • Surveillance Cameras: Devices that record activities within and around facilities to deter and detect unauthorized access.
      • Access Badges: Identification cards that grant or restrict entry to specific areas.

These categories align with the functional objectives of security controls, which can be:

  • Preventive Controls

    • Purpose: To stop security incidents before they occur.
    • Examples:
      • Technical: Firewalls that block unauthorized access.
      • Administrative: Security policies enforcing strong password requirements.
      • Physical: Locked doors restricting access to server rooms.
  • Detective Controls

    • Purpose: To identify and detect security incidents in real-time or after they occur.
    • Examples:
      • Technical: Intrusion Detection Systems (IDS) that monitor network traffic for suspicious activity.
      • Administrative: Regular audits and monitoring of user activities.
      • Physical: Surveillance cameras recording access to secure areas.
  • Corrective Controls

    • Purpose: To respond to and rectify security incidents, restoring systems to normal operations.
    • Examples:
      • Technical: Applying patches to fix vulnerabilities after detection.
      • Administrative: Implementing revised procedures following a security breach.
      • Physical: Repairing damaged security equipment.

It's important to note that some controls may span multiple categories. For instance, a firewall primarily serves as a preventive control by blocking unauthorized access but can also have detective capabilities if it includes logging and monitoring features. Understanding these categories and their functions aids in developing a comprehensive security strategy that effectively addresses various potential threats.

answered Jan 7 by CaLLmeDaDDY
• 15,040 points

Related Questions In Cyber Security & Ethical Hacking

0 votes
0 answers

What are the elements of Cyber Security

Dec 8, 2021 in Cyber Security & Ethical Hacking by Error
• 420 points
456 views
0 votes
0 answers

what are the elements of cyber security

what are the elements of cyber security READ MORE

Dec 10, 2021 in Cyber Security & Ethical Hacking by Kavya
• 700 points
562 views
0 votes
1 answer

What are the five steps of ethical hacking?

The 5 major steps involved in ethical ...READ MORE

answered Jan 31, 2020 in Cyber Security & Ethical Hacking by Sirajul
• 59,230 points

edited Oct 6, 2021 by Sarfaraz 6,927 views
0 votes
0 answers

what are the best cyber security courses?

Dec 17, 2021 in Cyber Security & Ethical Hacking by Edureka
• 13,620 points
758 views
+1 vote
1 answer

How do you decrypt a ROT13 encryption on the terminal itself?

Yes, it's possible to decrypt a ROT13 ...READ MORE

answered Oct 17, 2024 in Cyber Security & Ethical Hacking by CaLLmeDaDDY
• 15,040 points
199 views
+1 vote
1 answer

How does the LIMIT clause in SQL queries lead to injection attacks?

The LIMIT clause in SQL can indeed ...READ MORE

answered Oct 17, 2024 in Cyber Security & Ethical Hacking by CaLLmeDaDDY
• 15,040 points
351 views
+1 vote
1 answer

Is it safe to use string concatenation for dynamic SQL queries in Python with psycopg2?

The use of string concatenation while building ...READ MORE

answered Oct 17, 2024 in Cyber Security & Ethical Hacking by CaLLmeDaDDY
• 15,040 points
199 views
+1 vote
1 answer
0 votes
1 answer

What are the steps of risk assessment in information security?

Conducting a comprehensive risk assessment in information ...READ MORE

answered Jan 7 in Cyber Security & Ethical Hacking by CaLLmeDaDDY
• 15,040 points
42 views
0 votes
1 answer

What are the security risks of expired SSL certificates?

An expired SSL certificate poses several security ...READ MORE

answered Jan 10 in Cyber Security & Ethical Hacking by CaLLmeDaDDY
• 15,040 points
29 views
webinar REGISTER FOR FREE WEBINAR X
REGISTER NOW
webinar_success Thank you for registering Join Edureka Meetup community for 100+ Free Webinars each month JOIN MEETUP GROUP