# Security Controls


<!-- wp:paragraph {"backgroundColor":"medium-gray"} -->
<p class="has-medium-gray-background-color has-background"><strong>Action movie fans like myself will enjoy this: Marvel agents go on a quest to find a vital document locked within a safe in a building. The heroes were faced with series of difficulties, each emphasizing a different security control put in place by the Villian. The first obstacle is manipulating an electronic gate(Technical&nbsp;Control) of the building with sophisticated hacking tools to gain access. Next are wild guard dogs(Physical Control) which the team used their firearms on.&nbsp;When the team gets to the safe's room, they find a tripwire, a security device managed with strategic precision. Contact with this wire will instantly sound an alert; this feature is managed by managerial&nbsp;control. Operational control is demonstrated by the last barrier of security, an identification mechanism at the impenetrable safe where fingerprint scans, retinal recognition, and voice authentication become the key to unlocking the safe</strong></p>
<!-- /wp:paragraph -->

<!-- wp:paragraph -->
<p>In this post, you will learn about the different types of security controls</p>
<!-- /wp:paragraph -->

<!-- wp:paragraph -->
<p><strong>WALK WITH ME!!!</strong></p>
<!-- /wp:paragraph -->

<!-- wp:jetpack/subscriptions /-->

<!-- wp:paragraph {"align":"center","gradient":"light-green-cyan-to-vivid-green-cyan"} -->
<p class="has-text-align-center has-light-green-cyan-to-vivid-green-cyan-gradient-background has-background"><strong>WHAT ARE SECURITY CONTROLS</strong></p>
<!-- /wp:paragraph -->

<!-- wp:paragraph -->
<p>I appreciate the NIST definition of security controls, which states, <em><strong>"A countermeasure prescribed for an information system or an organization, designed to protect</strong> <strong>the confidentiality, integrity, and availability of its information and to meet a set of defined security requirements."</strong></em> This definition highlights that we not only need security controls to ensure the CIA of information but to also align security measures or countermeasures with specific objectives and standards set forth for information protection.</p>
<!-- /wp:paragraph -->

<!-- wp:paragraph -->
<p><strong><mark style="background-color:rgba(0, 0, 0, 0);color:#cf2e2e" class="has-inline-color">HAVEN'T HEARD ABOUT CIA TRIAD?</mark></strong><br><strong><mark style="background-color:rgba(0, 0, 0, 0);color:#cf2e2e" class="has-inline-color">CYVALLY GAT YOU <a href="https://cyvally.com/2023/03/26/cybersec-base006-what-is-the-cia-triadconfidentiality-integrity-availability/">WHAT IS CIA?</a></mark></strong></p>
<!-- /wp:paragraph -->

<!-- wp:paragraph {"align":"center","gradient":"light-green-cyan-to-vivid-green-cyan"} -->
<p class="has-text-align-center has-light-green-cyan-to-vivid-green-cyan-gradient-background has-background"><strong>CATEGORIES OF SECURITY CONTROLS</strong></p>
<!-- /wp:paragraph -->

<!-- wp:list -->
<ul><!-- wp:list-item -->
<li><strong>Technical: </strong>refer to the use of technology for risk management and reduction</li>
<!-- /wp:list-item --></ul>
<!-- /wp:list -->

<!-- wp:paragraph -->
<p>Examples include antivirus software, intrusion detection systems, access controls, encryption, and firewalls.</p>
<!-- /wp:paragraph -->

<!-- wp:list -->
<ul><!-- wp:list-item -->
<li><strong>Managerial: </strong>Often referred to as administrative controls,&nbsp;concentrate on planning, policies, and procedures to&nbsp;manage&nbsp;security risk.&nbsp;</li>
<!-- /wp:list-item --></ul>
<!-- /wp:list -->

<!-- wp:paragraph -->
<p>Examples are incident response plans, security awareness training, risk assessments, and security policies.</p>
<!-- /wp:paragraph -->

<!-- wp:list -->
<ul><!-- wp:list-item -->
<li><strong>Operational:</strong> includes day to day procedures and actions that enhance security.</li>
<!-- /wp:list-item --></ul>
<!-- /wp:list -->

<!-- wp:paragraph -->
<p>Examples include incident reporting, change management, backup processes, and user authentication.</p>
<!-- /wp:paragraph -->

<!-- wp:list -->
<ul><!-- wp:list-item -->
<li><strong>Physical:</strong> are measures that prevent unauthorized physical access to assets.</li>
<!-- /wp:list-item --></ul>
<!-- /wp:list -->

<!-- wp:paragraph -->
<p>Examples include locks, security cameras, biometric access controls, and environmental controls (such as fire suppression systems).</p>
<!-- /wp:paragraph -->

<!-- wp:paragraph {"align":"center","gradient":"light-green-cyan-to-vivid-green-cyan"} -->
<p class="has-text-align-center has-light-green-cyan-to-vivid-green-cyan-gradient-background has-background"><strong>TYPES OF SECURITY CONTROLS</strong></p>
<!-- /wp:paragraph -->

<!-- wp:paragraph -->
<p><strong>Preventive:</strong> measures to stop security incidents before they happen. Examples are&nbsp;access controls, encryption, IPS  and firewalls.</p>
<!-- /wp:paragraph -->

<!-- wp:paragraph -->
<p><strong>Deterrent:</strong> measures to discourage potential attackers making their effort less tempting to continue. Examples include noticeable surveillance cameras, security patrols, and warning signs.</p>
<!-- /wp:paragraph -->

<!-- wp:paragraph -->
<p><strong>Detective:</strong> measures to identify and alert as security incident happens. Examples include log monitoring, security audits, and IDS.</p>
<!-- /wp:paragraph -->

<!-- wp:paragraph -->
<p><strong>Corrective:</strong> measures to mitigate the impact of security incidents&nbsp;and return systems&nbsp;to normal operation. examples are&nbsp;recovery techniques, system backups, and incident response plans.</p>
<!-- /wp:paragraph -->

<!-- wp:paragraph -->
<p><strong>Compensating:</strong> measures that offer substitute protections. Multi-factor authentication is an example.</p>
<!-- /wp:paragraph -->

<!-- wp:paragraph -->
<p><strong>Directive:</strong> Guide behavior and actions to ensure compliance with security policies. Examples include awareness and training programs, safety policies and procedures.</p>
<!-- /wp:paragraph -->

<!-- wp:paragraph -->
<p>To&nbsp;provide a multi-layered defense against a range of threats, it is frequently necessary to combine several control types and categories for better effectiveness.</p>
<!-- /wp:paragraph -->

<!-- wp:quote -->
<blockquote class="wp-block-quote"><!-- wp:paragraph -->
<p>“Technology trust is a good thing, but control is a better one.”</p>
<!-- /wp:paragraph --><cite><strong>Stephane Nappo</strong></cite></blockquote>
<!-- /wp:quote -->

<!-- wp:paragraph -->
<p></p>
<!-- /wp:paragraph -->

<!-- wp:paragraph {"gradient":"electric-grass"} -->
<p class="has-electric-grass-gradient-background has-background"><strong>REVIEW QUESTIONS</strong></p>
<!-- /wp:paragraph -->

<!-- wp:jetpack/contact-form -->
<div class="wp-block-jetpack-contact-form"><!-- wp:jetpack/field-checkbox-multiple {"label":"1. Which type of security controls includes day to day procedures and actions that support security?","requiredText":"(required)"} -->
<!-- wp:jetpack/field-option-checkbox {"label":"Technical"} /-->

<!-- wp:jetpack/field-option-checkbox {"label":"Operational"} /-->

<!-- wp:jetpack/field-option-checkbox {"label":"Managerial"} /-->

<!-- wp:jetpack/field-option-checkbox {"label":"Physical"} /-->
<!-- /wp:jetpack/field-checkbox-multiple -->

<!-- wp:jetpack/button {"element":"button","text":"Submit","lock":{"remove":true}} /--></div>
<!-- /wp:jetpack/contact-form -->

<!-- wp:jetpack/contact-form -->
<div class="wp-block-jetpack-contact-form"><!-- wp:jetpack/field-checkbox-multiple {"label":"2. A company is implementing a training program to educate employees about the importance of data protection and adherence to security policies. What type of control does this represent?","requiredText":"(required)"} -->
<!-- wp:jetpack/field-option-checkbox {"label":"Directive"} /-->

<!-- wp:jetpack/field-option-checkbox {"label":"Deterrent"} /-->

<!-- wp:jetpack/field-option-checkbox {"label":"Preventive"} /-->

<!-- wp:jetpack/field-option-checkbox {"label":"Compensating"} /-->
<!-- /wp:jetpack/field-checkbox-multiple -->

<!-- wp:jetpack/button {"element":"button","text":"Submit","lock":{"remove":true}} /--></div>
<!-- /wp:jetpack/contact-form -->

<!-- wp:jetpack/contact-form -->
<div class="wp-block-jetpack-contact-form"><!-- wp:jetpack/field-checkbox-multiple {"label":"3. \u003cstrong\u003eWhich category of security controls involves the use of technology to manage and enforce security policies?\u003c/strong\u003e","requiredText":"(required)"} -->
<!-- wp:jetpack/field-option-checkbox {"label":"Technical"} /-->

<!-- wp:jetpack/field-option-checkbox {"label":"Managerial"} /-->

<!-- wp:jetpack/field-option-checkbox {"label":"Operational"} /-->

<!-- wp:jetpack/field-option-checkbox {"label":"Physical"} /-->
<!-- /wp:jetpack/field-checkbox-multiple -->

<!-- wp:jetpack/button {"element":"button","text":"Submit","lock":{"remove":true}} /--></div>
<!-- /wp:jetpack/contact-form -->

<!-- wp:jetpack/contact-form -->
<div class="wp-block-jetpack-contact-form"><!-- wp:jetpack/field-checkbox-multiple {"label":"4. A data center is implementing biometric access controls and surveillance cameras to restrict physical access to server rooms. What type of controls are being employed in this scenario?","requiredText":"(required)"} -->
<!-- wp:jetpack/field-option-checkbox {"label":"Physical"} /-->

<!-- wp:jetpack/field-option-checkbox {"label":"Compensating"} /-->

<!-- wp:jetpack/field-option-checkbox {"label":"Preventive"} /-->

<!-- wp:jetpack/field-option-checkbox {"label":"Managerial"} /-->
<!-- /wp:jetpack/field-checkbox-multiple -->

<!-- wp:jetpack/button {"element":"button","text":"Submit","lock":{"remove":true}} /--></div>
<!-- /wp:jetpack/contact-form -->

<!-- wp:jetpack/contact-form -->
<div class="wp-block-jetpack-contact-form"><!-- wp:jetpack/field-checkbox-multiple {"label":"5. An organization recently experienced a security incident, and the IT team is working to restore compromised systems. What type of control is being applied in this corrective action?","requiredText":"(required)"} -->
<!-- wp:jetpack/field-option-checkbox {"label":"Directive"} /-->

<!-- wp:jetpack/field-option-checkbox {"label":"Corrective"} /-->

<!-- wp:jetpack/field-option-checkbox {"label":"Detective"} /-->

<!-- wp:jetpack/field-option-checkbox {"label":"Preventive"} /-->
<!-- /wp:jetpack/field-checkbox-multiple -->

<!-- wp:jetpack/button {"element":"button","text":"Submit","lock":{"remove":true}} /--></div>
<!-- /wp:jetpack/contact-form -->

