Hello and welcome back to Cybrary's 2019 CompTIA Security+ certification preparation course.
We continue our discussion of Module 5, which is in fact Domain 5, titled Risk Management.
Surprisingly enough, we have a brand new learning objective, which is 5.7, where we have to compare and contrast various types of controls.
Here again, as we mentioned before, this is a brand new learning objective. Here again are some subtopics which this particular learning objective encompasses, where we have to compare and contrast various types of controls.
The first item on our agenda is a pre-assessment quiz, and it reads as follows: Which of the following is another term for technical controls? Is it A, access controls; B, logical controls; C, detective controls; or D, preventive controls?
In this case, if you selected B, you're absolutely correct, because technical controls are used to restrict data access and operating system components, security applications, network devices and encryption techniques.
An IT control is a procedure or policy that provides a reasonable assurance that the information technology used by an organization operates as intended, that the data is reliable and that the organization is in compliance with applicable laws and regulations. So we look at the controls, or countermeasures.
They are put in place to mitigate, in other words reduce, the potential risk.
A countermeasure may be a software configuration, a hardware device or a procedure that eliminates a vulnerability, or that reduces the likelihood that a threat agent would be able to exploit a vulnerability.
A system control is in fact a process by which an enterprise's structure, authority and workflows, and management information systems are implemented to achieve specific objectives while minimizing risk.
It comprises your enterprise structures, procedures, policies and practices implemented to lower the level of risk in an enterprise. It can either be manual or automated.
This brings us to the types of controls.
The first control we want to highlight here is called a deterrent control.
A deterrent control is anything intended to warn a would-be hacker that they should not attack. This could be a posted warning notice that they would be prosecuted to the fullest extent of the law, locks on the doors, barricades, lighting or anything that can delay or discourage an attacker.
Then we have what we call our preventive controls.
They're used to keep a loss or an error from occurring. Examples of preventive controls are segregation of duties and the physical protection of your assets. These controls are typically integrated into a process so that they are applied on a continual basis.
Then we have detective controls. They are designed to detect attacks against information systems and prevent them from being successful.
These detective controls detect anomalies and send alerts during unauthorized access; in other words, alerts regarding unauthorized access.
An alert would be raised if somebody accesses your asset: what the control does is notify you and send some form of alert. For example, these include intrusion detection systems and security information and event management systems, or SIEMs. Some controls, such as your antivirus and anti-malware software and intrusion prevention systems, are considered both preventive as well as detective.
Continuing on with our discussion of the different types of controls, next we want to take a look at what we call corrective controls.
Basically, a corrective control modifies the environment to return systems to a normal state after an unwanted activity. It attempts to correct any problems that have occurred; in other words, it looks at backups, antivirus and so forth.
Then we have recovery controls.
Basically, they are an extension of your corrective controls, but have more advanced abilities: backup, restore, fault-tolerant systems, imaging and so forth.
Then we have compensating controls. Basically, a compensating control provides an alternate solution to a countermeasure that is either impossible or too expensive to implement.
As you may notice, one control may serve in one, two or more functional areas. For example, security guards are considered to be preventive, detective, as well as deterrent.
Continuing with our administrative controls: administrative controls, also called procedure controls, are primarily procedures and policies that define and guide employees' actions in dealing with the organization's sensitive information.
Then we have what we call technical controls.
Technical controls involve the hardware or software mechanisms used to manage and also provide protection. Good examples would be a firewall, passwords, biometrics and so forth.
Then we have our physical controls, which are used to deter or deny unauthorized access to facilities, equipment and resources, and to protect personnel and property from damage or harm. Examples may include fences, doors, locks as well as fire extinguishers.
At this point in time we have a post-assessment quiz, and it reads as follows.
You are a security administrator and advise the web development team to include a CAPTCHA on the webpage where users register for an account. Which of the following controls is this referring to? Is it A, deterrent; B, detective; C, compensating; or D, degaussing?
In this case, if you selected A, you're absolutely correct, because as users register for an account, they enter letters and numbers they're given on the webpage before they can register. This is an example of a deterrent control, as it prevents bots from registering and proves that this is, in fact, a real person.
At this point in time, we have our key takeaways from this particular video presentation.
During the course of this particular presentation we learned the following. We learned that a deterrent control is anything intended to warn a would-be attacker that they should not attack.
We learned that preventive controls are used to keep a loss or error from occurring.
We learned that the technical controls are designed to detect attacks against information systems and prevent them from being successful.
We know that technical controls are security safeguards or countermeasures that are implemented using hardware, software or firmware components of information systems. Some examples include antivirus and anti-malware software, firewalls, as well as your logical access control systems.
We learned that administrative controls are security controls, also called procedure controls, and are primarily procedures and policies that define and guide employees' actions in dealing with the organization's sensitive information.
In our upcoming video we'll be taking a look at a brand new objective, basically 5.8, where we have to, given a scenario, carry out data security and privacy practices. And again, I look forward to seeing you in the very next video.