Cybersecurity Controls
This material was developed with funding from the
National Science Foundation under Grant # DUE 1601612
Security Controls are safeguards or countermeasures that an organization implements to avoid, detect, counteract, or minimize security risks to organizational assets.
Physical
Administrative
Technical
Introduction
Controls and Compliance
Detective
Corrective
Challenge 1
Functional Security Controls
Recovery
Preventative
Compensating
Challenge 2
Deterrent
Functional Security Controls
Categorizing security controls by function reflects the reason for choosing and implementing a countermeasure. A countermeasure can fall into more than one functional category.
Intrusion Prevention System
Security Guard
Video Surveillance
Locks
Antivirus
Firewall
Preventative security controls can block or stop someone or something from performing a malicious action.
Biometric Access Control
Fences
Log
Intrusion Detection System
Alarm
Video Surveillance
Lights
A detective control helps to uncover any malicious action. Detective countermeasures will not stop or mitigate intrusions, but they will identify and report them.
Installing a Fix
Update Antivirus
Data Recovery
Corrective controls bring a system back to a normal state.
Video Surveillance
Security Guard
Fences
Deterrent security controls discourage attackers from performing malicious acts.
Guard Dog
Recovery security controls help systems return to the normal state they were in before the attack occurred. These countermeasures also work together with corrective controls.
Availability 24/7
Back Up
Disaster
Recovery
Datacenter
Reconciliation
Record keeping
Segregation of Duties
Authorization
Service Level Agreement with a Third Party
Custody
Compensating controls provide an alternative solution to a countermeasure that is too expensive, impractical, or impossible to implement. A compensating control must meet three criteria:
Meet the intent and rigor of the original requirement
Provide a similar level of defense: the compensating control sufficiently offsets the risk that the original requirement was designed to defend against
Be “above and beyond”
Controls and Compliance
Security controls protect information and information systems from traditional and advanced persistent threats in varied operational, environmental, and technical scenarios. These controls also demonstrate compliance with a variety of governmental, organizational, or institutional security requirements.
To demonstrate compliance, an organization must:
Select the appropriate security control
Implement security control correctly
Demonstrate that controls satisfy policy requirements
Being able to demonstrate control effectiveness in a consistent/repeatable manner contributes to the organization’s confidence that security requirements continue to be satisfied on an ongoing basis.
Authorized user
Unauthorized user
Information security policy document
Security guard
Confidentiality agreements
Multi-factor authentication
File encryption systems
Supervisor approval of critical e-commerce transactions
Hard drive redundancy (RAID)
Off-site backup of assets
Liability insurance
Assignment of roles and responsibilities
Database record locking
Organization VPN systems for remote users
Roles and responsibility of management after data breach
Information security awareness, education, and training
Perimeter fencing and lighting
Signage
Cameras and guards
Secure disposal of hard drive
Termination of suspicious sessions
Host and network intrusion detection systems (IDS)
Detection, tracking and alerts of file modifications or deletions
Host and network intrusion prevention systems (IPS)
User restriction to customer data during transactions
Segregation of duties
Separation of development, operations and testing
Elimination of USB ports on point of sales systems
System backups
Password policies and controls
Database server restoration systems
Biometric fingerprint reader
Fence
Intrusion prevention system
Door lock
Intrusion detection system
Log file
Technical controls involve hardware and/or software implemented to manage and provide protection.
Password
Welcome to ABC Network. All users must adhere to the Acceptable Use Policy. Please always use the network appropriately for business purposes only. As an employee of ABC, you are required to be aware of and abide by the Acceptable Use Policy.
Administrative controls consist of procedures and policies that an organization puts into place when dealing with sensitive information. These controls determine how people act.
Username
Physical controls are mechanisms such as fences and locks deployed to protect systems, facilities, personnel, and resources. Physical controls separate people physically from systems.
Patching operating system
Spam filter
Restoring data files
Lighting
Cold site
System backup
Cloud service
Service Level Agreement