CISSP Study Guide
December 15, 2022

CISSP Study Guide: Controls for Operational Security

Cybrary
Share

Operational security is executed through various types of controls. These controls offer varying degrees of protection and fall into six broad categories:

  • Preventive controls – designed to reduce damage and frequency of unintentional errors and to prevent unauthorized access to the system. Data validation mechanisms are examples of preventative operational security controls.
  • Detective controls – used to detect errors once they have occurred. These controls go into effect after the incident, and can be used to trace an unauthorized transaction for prosecution, or to reduce adverse influence of an error on the system by catching it early. An audit trail is an example of a detective operational security control.
  • Corrective or recovery controls – these are designed to alleviate consequences of a loss event through data recovery procedures. Redundant systems, RAID and tape backup are examples of corrective operational security controls.
  • Deterrent or directive controls – employed to encourage compliance with external controls and impede violations. These controls are meant to enhance other types of controls. An administrative policy stating that those who place unauthorized modems on the network could be fired is an example of a deterrent operational security control.
  • Application controls – mechanisms designed into a software application to reduce and trace software’s operational irregularities.
  • Transaction controls – used to provide control over the various phases of a data transaction. Some common types of transaction controls include:
    • Input controls are designed to ensure that transactions are properly implemented and are inputted only once into the system.
    • Processing controls are designed to ensure that transactions are valid and accurate and that wrong entries are reprocessed correctly and immediately.
    • Output controls are designed to safeguard the confidentiality of an output and verifies the integrity of an output by comparing the input transaction with the output data.
    • Change controls are designed to protect data integrity in a system while adjustments are made to the configuration.
    • Test controls are implemented during the testing of a system to prevent violations of confidentiality and to preserve a transaction’s integrity.

Start learning with Cybrary

Create a free account

Related Posts

All Blogs
Building a Security Team
June 27, 2023

Digital Forensics and Incident Response: What It Is, When You Need It, and How to Implement It

A quick guide to digital forensics and incident response (DFIR): what it is, when it’s needed, how to implement a cutting-edge program, and how to develop DFIR skills on your team.

Read More
Building a Security Team
June 28, 2023

How to Build a Red Team

An overview of what a red team is (and isn’t), and practical tips on how to build a Red Team and develop offensive security skills in your team.

Read More
Tools & Applications
June 7, 2023

How to Make the Most of Blending Learning with Cybrary Live

Learn how to get the most from your cybersecurity training platform by blending on-demand learning with virtual, live courses led by industry experts.

Read More
News & Events
June 7, 2023

Introducing the New Cybrary Learner Experience

Cybrary is launching a key update to the Cybrary Learner experience to elevate hands-on learning and measurement as guiding tenets of Cybrary’s mission.

Read More