IS4550
Unit 1 Assignment 1
There are a number of Information Technology security controls. The three most common are physical, technical, and administrative controls; however, many organizations break administrative controls down into two separate categories: procedural and legal controls. "Security controls are the means of enforcing security policies that reflect the organization's business requirements" (Johnson). Security controls are implemented to guarantee the information security C-I-A triad. Furthermore, security controls fall into three control classifications: preventive, detective, and corrective. These classifications are used to specify when a security control applies.
Physical Controls are exactly what they sound like: physical obstacles used to prevent or deter access to IS resources. Physical controls can be barriers such as locked doors that require some form of authentication or authorization to enter, like a cipher lock or keycard. Biometric scanners are also excellent controls to identify and allow access to authorized personnel. Video cameras and closed-circuit television are also examples of physical controls. For organizations requiring extreme security measures, perimeter barriers such as walls or electric fences are used; additionally, security guards fall into the physical controls category.
Technical Controls are logical and/or software-related controls designed to restrict access to the network infrastructure, components, and data. Controls such as discretionary and mandatory access controls, rule- and role-based access controls, and passwords are all examples of technical controls. Physical controls are used to prevent physical access to the physical components, whereas technical controls are implemented to prevent digital/logical access if physical access is achieved. Some physical hardware can also fall under the technical control category because it contains the software utilized to prevent