This material was developed with funding from the
National Science Foundation under Grant # DUE 1601612
Security Controls are safeguards or countermeasures that an organization implements to avoid, detect, counteract, or minimize security risks to organizational assets.
Categorizing security controls by function is really the reason for choosing and implementing a countermeasure. A countermeasure can fall into more than one functional category.
Preventative security controls can block or stop someone or something from performing a malicious action.
A detective control helps to uncover any malicious action. Detective countermeasures will not stop or mitigate intrusions, but it will identify and report them.
Installing a Fix
Corrective controls bring a system back to a normal state.
Deterrent security controls discourage attackers from performing malicious acts.
Recovery security controls help systems get back to a normal state before the attack occurred. These countermeasures also work together with corrective controls.
Service Level Agreement
with a Third Party
Compensating controls provide an alternative solution to a countermeasure that is too expensive, impractical, or impossible to implement. A compensating control must meet three criteria:Meet the intent and rigor of the original requirementProvide a similar level of defense--the compensating control sufficiently offsets the risk of what the original requirement was designed to defend againstBe “above and beyond”
Controls and Compliance
Implement security control correctly
To demonstrate compliance, an organization must:
Security controls protect information and information systems from traditional and advanced persistent threats in varied operational, environmental, and technical scenarios. These controls also demonstrate compliance with a variety of governmental, organizational, or institutional security requirements.
Being able to demonstrate control effectiveness in a consistent/repeatable manner contributes to the organization’s confidence that security requirements continue to be satisfied on an ongoing basis.
Demonstrate that controls satisfy
Click to choose your answer.
1 of 28
Information security policy document
1 of 20
2 of 28
3 of 28
File encryption systems
4 of 28
5 of 28
Supervisor approval of critical e-commerce transactions
6 of 28
Hard drive redundancy (RAID)
7 of 28
Off-site backup of assets
8 of 28
Assignment of roles and responsibilities
9 of 28
10 of 28
Database record locking
11 of 28
Organization VPN systems for remote users
12 of 28
Roles and responsibility of management after data breach
Information security awareness, education, and training
13 of 28
14 of 28
Perimeter fencing and lighting
15 of 28
16 of 28
Cameras and guards
17 of 28
Secure disposal of hard drive
Termination of suspicious sessions
18 of 28
Host and network instruction detection systems (IDS)
19 of 28
Detection, tracking and alerts of file modifications or deletions
20 of 28
21 of 28
Host and network instruction prevention systems (IPS)
User restriction to customer data during transactions
22 of 28
23 of 28
Segregation of duties
24 of 28
Separation of development, operations and testing
Elimination of USB ports on point of sales systems
25 of 28
26 of 28
Password policies and controls
27 of 28
Database server restoration systems
28 of 28
You completed the challenge.
Click to choose all that apply and then click Submit to check your answer.
2 of 20
3 of 20
Biometric fingerprint reader
4 of 20
5 of 20
Intrusion prevention system
6 of 20
7 of 20
8 of 20
9 of 20
Intrusion detection system
10 of 20
11 of 20
Technical controls involve hardware and/or software implemented to manage and provide protection.
Welcome to ABC Network. All users must adhere to the Acceptable Use Policy. Please always use the network appropriately for business purposes only. As an employee of ABC, you are required to be aware of and abide the Acceptable Use Policy.
Administrative controls consist of procedures and policies that an organization puts into place when dealing with sensitive information. These controls determine how people act.
Physical controls are mechanisms such as fences and locks deployed to protect systems, facilities, personnel, and resources. Physical controls separate people physically from systems.