There are many ways to prevent or minimize the impact of a security event. In this video, you’ll learn about the different security control categories.
<< Previous Video: Continuity of Operations Next: Data Destruction >>
There are many different security risks out there, and there are all different shapes and forms. We have to protect ourselves against someone walking in the door and stealing our equipment. And we also have to protect ourselves from somebody attacking us online. We also have different kinds of assets that we need to secure, not just the data that’s inside of our systems, but we also need to protect the physical systems themselves.
As a security professional, your job will be to stop the security events that can be prevented. You want to minimize the impact of those that you can’t and limit any damage that may occur during one of these security incidents. There’s three different control types that most security professionals will implement.
The first we’ll look at is a technical control type. This is where we’re using the systems and the software inside of our infrastructure to be able to limit the impact or to prevent a security event.
There are also administrative control types that can help people understand how to manage the security in your environment. Formal security policies and standard operating procedures are good examples of an administrative control type.
And we have physical control types that exist in the real world. These might be controls such as fences or locks that separate people physically from our systems. One type of security control is a deterrent. This is a type of control that may not necessarily prevent someone from performing an attack, but it may give them a warning, such as a sign that you might put on a fence or login banner that someone sees when they first connect to a system.
The preventive security control is one that will keep people away from your systems. This might be a door lock or a security guard, where you can physically separate someone from your systems. You could also use a firewall as a technical control type to be able to implement a preventive security control.
A detective security control is going to be able to tell you when a particular event occurs. This may not keep someone away from the system, but it may provide you with a log or a way to track when anyone happens to come near any of your systems. In the physical world, a motion detector is a very good detective security control. And on our systems, we commonly use an intrusion detection system or an intrusion prevention system.
A compensating security control doesn’t stop an attack. But it can get you back up and running using other means. For example, if someone attacks your systems and deletes all of your data, you can compensate for this by restoring all of the data from your known good backups.
And a corrective security control is designed to mitigate any damage that may be created by an attack. For example an IPS is a good way to block an attack as the attack is occurring across our network. If someone is using ransomware to encrypt our files, we can correct that by using our backups to restore the files back to their original form.