Introduction
Welcome to Security+. Let's grind this out before it's graduation day.
Challenges
- [[Sophisticated Attacks]]
- [[Proliferation of Attack Software]]
- [[Attack Scale and Velocity]]
Control Types
Employs the [[Common Security Terminology#Confidentiality, Integrity, and Availability (CIA)|CIA triad]].
Controls are organized in three main ways:
- the way they're implemented
- the goal/function they perform
- how they cover additional areas (employee expectations, policies, discipline, etc.)
| Type | Description |
|---|---|
| Technical | The use of technology to reduce vulnerabilities. |
| Managerial | Administrative actions that define the organization's security posture through policies, guidelines, standards, procedures, and other forms of documentation. |
| Operational | The day-to-day procedures and mechanisms that protect an organization's assets. |
| Physical | Measures to prevent physical access to assets, like locks, fences, and security guards. |

| Functional Type | Description |
|---|---|
| Preventive | Acts before an incident to eliminate or reduce the likelihood that an attack can succeed. |
| Detective | Doesn't prevent or deter access, but identifies and records an attempted (or successful) intrusion. |
| Corrective | Eliminates or reduces the impact of a security policy violation. |
| Directive | Enforces a rule of behavior, such as a policy, best practice standard, or standard operating procedure. |
| Deterrent | Psychologically discourages an attacker from attempting an intrusion, such as signs and warnings of legal penalties. |
Roles and Responsibilities
Job roles and organizational structures are implemented to create a comprehensive security program for organizations.
- [[Security Operations Center]]
- [[Development and Operations]]
- [[Computer Incident Response Team]]
- [[Security Job Roles]]