security controls

What is security control? It’s a technical or administrative safeguard and a counter measures to avoid, counteract or minimize loss or unavailability due to threats acting on their matching vulnerability, i.e., security risk.

The institute United States General Accounting Office or GAO define a Security Control like this „The control environment sets the tone of an organization, influencing the control consciousness of its people. It is the foundation for all other components of internal control, providing discipline and structure. Control environment factors include the integrity, ethical values, and competence of the entity’s people; management’s philosophy and operating style; and the way management assigns authority and organizes and develops its people.”

From this we can say that it’s the administrator’s part to give persons information about the actions that the person takes.

Activity phase controls are classified as follows:
• Preventative controls exist to prevent the threat from coming in contact with the weakness.
• Detective controls exist to identify that the threat has landed in our systems.
• Corrective controls exist to mitigate or lessen the effects of the threat being manifested.

These actions can be minimized by using a security program. Like a Firewalls that are a preventative control. Or using an administrative or personnel corrective controls.

And to Illustration of phase controls there is a table her under.

Preventative

Detective

Corrective

Compensatory

Security Awareness Training

System Monitoring

OS Upgrade

Backup Generator

Firewall

IDS

Backup Data Restoral

Hot Site

Anti-virus

Anti-Virus

Anti-Virus

Server Isolation

Security Guard

Motion Detector

Vulnerability Mitigation

IPS

IPS

By : Alexander I Ólafsson

Link :http://www.sans.edu/research/security-laboratory/article/security-controls

Link: http://www.gao.gov/special.pubs/ai12.19.6.pdf

 

 

Advertisements
This entry was posted in IT Security, Week 37. Bookmark the permalink.

One Response to security controls

  1. Pingback: Federal agencies experience major leap in security incidents since … « The Puchi Herald: News from the World

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s