Security Controls
Security Controls:
There are hundreds of thousands of security controls that organizations can implement to reduce the risks. Some of the common security controls we will discuss in this section.
These controls use technology to reduce vulnerabilities. An administrator installs and configures technical controls and then these technical controls automatically provide protection. Some of the technical controls are discussed below:
- Encryption:
It is the strong technical control to ensure confidentiality.
- Anti Virus Software:
It provides the protection against the malware functions.
- IDS and IPS:
IDS/IPS can monitor the network or host for intrusion and provide the ongoing protection
- Firewalls:
Firewalls restrict the traffic going in or out of the network.
- Least Privileges:
Least privileges specifies that individuals or processes are granted only privileges then need to perform the assigned tasks.
Administrative Controls:
It uses methods mandated by the organization policies or other guidelines. Some of the administrative controls are discussed below.
- Risk Assessment:
Risk Assessment helps in quantifying and qualifying risks in the organization so that organization can focus on the serious risk.
- Vulnerability Assessment:
Vulnerability Assessment performed to know the current vulnerabilities in the organization so that organization implements the additional controls to reduce the risk from the identified vulnerabilities.
- Penetration Testing:
After performing the vulnerabilities the next step is to exploit those vulnerabilities to more secure the organization.
- Awareness and Trainings:
Training is the most important part in reducing the risk of an organization. Training helps the users to understand the threats such phishing, malware and also to implement the security policies like clean desk policies.
- Configuration and Change Management:
Configuration uses baseline to ensure that the system start in secure and hardened state; on the other hand change management helps to ensure that the change does not result in unintended configuration error.
- Media Protection:
Media protection includes the physical media like USB, internal and external drives.
- Physical and Environment Protection:
Physical security is also an important control; it includes cameras and door locks. Organizations must keep protected critical assets like servers. Environmental controls include the heating and ventilation system of the organization.
Preventive Controls:
To prevent the incident from occurring. Some of the preventive controls are discussed below:
- Hardening:
Hardening is the best practice to make the system more secure by disabling the unnecessary services and removing the default configurations.
- Security Awareness Trainings:
Awareness Training helps the organizations to train their employees about the well known attacks and vulnerabilities that exist in the society. Most important is that social engineering attack employees should be aware of this.
- Security Guards:
Guards prevent many physical attacks like to get access to secure areas of the building of organization.
- Change Management:
There should be a proper change management process so change does not apply on fly. Change management is an operation which attempts to prevent the incident.
- Account Disablement Policy:
Accounts should be disabled when the employees leave.
Detective Controls:
Detective controls help to detect when the vulnerabilities have been exploited. Important point is that it detects the incident after the incident occurs. Some of the detective controls are discussed below:
- Log Monitoring:
Log record details of activity of networks and systems. It helps in detecting the incident
- Trend Analysis:
Trend analysis is the analysis of past alerts to identify on which system there are more attacks.
- Security Audit:
Security Audit helps to examine the security posture of the organization. For example to audit whether strong password policies are implemented or not.
Corrective Controls:
These controls reverse the impact of incidents or problems after it has occured. Some of the corrective controls are discussed below.
- IPS:
Intrusion Prevention System detects attacks and then modifies the environment to block the attack from continuing.
- Backups and System Recovery:
Backups ensure that the data recovered if lost and system recovery procedure ensure the administrator can recover the system after failure.
Deterrent Controls
Deterrent Controls discourage the attackers from attacking or discourage employees from violating the policies. Some deterrent controls are discussed below.
- Cable Locks:
Example of cable locks is that securing the laptops to furniture with cable locks deters thieve from stealing the laptops.
- Hardware Locks:
Locking the server rooms or other critical places deter the attacks.
Compensative Controls
These controls are used to compensate the primary controls for example if organizations use smart cards to access the systems. For new employees it is difficult for them to receive their card on the first day so some other method can be used instead of a smart card.
Comments
Post a Comment