Terms in this set (13)
Procedures implemented to define the roles, responsibilities, policies, and administrative functions needed to manage the control environment. Includes password policies, employee screening, training procedures, and compliance with legal regulations.
The security/logical controls (i.e., safeguards or countermeasures) for an information system that are primarily implemented and executed by the information system through mechanisms contained in the hardware, software, or firmware components of the system. Includes firewalls, authentication systems, encryption protocols etc.
Information security safeguards focusing on lower-level planning that deals with the functionality of the organization's security. These safeguards include disaster recovery, incident response planning, backup management, and security assessments. Day-to-day employee activities used to achieve security goals.
Controls to protect the organization's people and physical environment, such as locks, fire management, gates, and guards.
Controls that deter problems before they arise.
Examples: hiring qualified personnel, segregating employee duties, and controlling physical access to assets and information.
Monitor controls designed to detect active threats as they occur or record them for later evidence. Primarily notify security personnel rather than secure assets themselves.
Follow-up controls implemented to remedy circumstances, mitigate damage, or restore controls. Include data backup and restore, changing compromised passwords, applying system patches, etc.
Security controls that attempt to discourage individuals from causing a security incident.
- Need to Know
- Separation of Duties
- Access controls
Controls that reject invalid data inputs, prevent unauthorized data outputs, and protect data and programs against accidental or malicious tampering.
- Digital signatures
- Version control
Redundancy, Fault Tolerance, Patch Management.
Controls that substitute for the loss of primary controls and mitigate risk down to an acceptable level.