Technical Controls
KELLER GRADUATE SCHOOL OF MANAGEMENT OF DEVRY UNIVERSITY
Technical Controls
SEC578: Practices Admin Phys & Ops Sec
Professor: Khader Jabra
November17, 2012
By
Angelo Daniels
Technical Controls
False sense of security happens all the time. Administrative, physical, and technical controls have played an important part in information security. Administrative controls consist of organizational policies and guidelines that help minimize the exposure of an organization. They provide a framework by which a business can manage and inform its people how they should conduct themselves while at the workplace and provide clear steps employees can take when they’re confronted with a potentially risky situation. Some examples of administrative controls include the corporate security policy, password policy, hiring policies, and disciplinary policies that form the basis for the selection and implementation of logical and physical controls. Administrative controls are of paramount importance because technical and physical controls are manifestations of the administrative control policies that are in place.
Technical controls use software and hardware resources to control access to information and computing systems, to help mitigate the potential for errors and blatant security policy violations. Examples of technical controls include passwords, network- and host-based firewalls, network intrusion detection systems, and access control lists and data encryption. Associated with technical controls is the Principle of Least Privilege, which requires that an individual, program, or system process is not granted any more access privileges than are necessary to perform the task.
Physical controls monitor and protect the physical environment of the workplace and computing facilities. They also monitor and control access to and from such facilities. Separating the network and workplace into functional areas are also physical controls. An important physical control
Technical Controls
SEC578: Practices Admin Phys & Ops Sec
Professor: Khader Jabra
November17, 2012
By
Angelo Daniels
Technical Controls
False sense of security happens all the time. Administrative, physical, and technical controls have played an important part in information security. Administrative controls consist of organizational policies and guidelines that help minimize the exposure of an organization. They provide a framework by which a business can manage and inform its people how they should conduct themselves while at the workplace and provide clear steps employees can take when they’re confronted with a potentially risky situation. Some examples of administrative controls include the corporate security policy, password policy, hiring policies, and disciplinary policies that form the basis for the selection and implementation of logical and physical controls. Administrative controls are of paramount importance because technical and physical controls are manifestations of the administrative control policies that are in place.
Technical controls use software and hardware resources to control access to information and computing systems, to help mitigate the potential for errors and blatant security policy violations. Examples of technical controls include passwords, network- and host-based firewalls, network intrusion detection systems, and access control lists and data encryption. Associated with technical controls is the Principle of Least Privilege, which requires that an individual, program, or system process is not granted any more access privileges than are necessary to perform the task.
Physical controls monitor and protect the physical environment of the workplace and computing facilities. They also monitor and control access to and from such facilities. Separating the network and workplace into functional areas are also physical controls. An important physical control
Bibliography: Auditor – General South Africa. (March 2010). Good Practice Guide User Account Management. Retrieved November 11, 2012 from http://www.agsa.co.za/Portals/1/Audit%20guidelines/ISA%20good%20practice%20march%202010F.PDF Clinch, Jim. (2009). ITIL V3 and Information Security. Retrieved November 13, 2012 from http://www.best-management-practice.com/gempdf/itilv3_and_information_security_white_paper_may09.pdf Posey, Clay. (2010). Strengthening Cybersecurity Series: A Best Practices Guide to Information Security. Retrieved November 14, 2012 from http://www.businessofgovernment.org/sites/default/files/A%20Best%20Practices%20Guide%20to%20Information%20Security.pdf Vacca, John R. (2009). Managing Information Security. Retrieved November 12, 2012 from http://www.scribd.com/doc/46730516/Managing-Information-Security