Chapter 2: Personnel Security and Risk Management Concepts
Preventive

A preventive control is deployed to thwart or stop unwanted or unauthorized activity from occurring. Examples of preventive controls include fences, locks, biometrics, mantraps, lighting, alarm systems, separation of duties, job rotation, data classification, penetration testing, access-control methods, encryption, auditing, presence of security cameras or closed-circuit television (CCTV), smartcards, callback procedures, security policies, security-awareness training, antivirus software, firewalls, and intrusion prevention systems (IPSs).
Detective

A detective control is deployed to discover or detect unwanted or unauthorized activity. Detective controls operate after the fact and can discover the activity only after it has occurred. Examples of detective controls include security guards, motion detectors, recording and reviewing of events captured by security cameras or CCTV, job rotation, mandatory vacations, audit trails, honeypots or honeynets, intrusion detection systems (IDSs), violation reports, supervision and reviews of users, and incident investigations.
Compensating

A compensation control is deployed to provide various options to other existing controls to aid in enforcement and support of security policies. They can be any controls used in addition to, or in place of, another control. For example, an organizational policy may dictate that all PII must be encrypted. A review discovers that a preventive control is encrypting all PII data in databases, but PII transferred over the network is sent in cleartext. A compensation control can be added to protect the data in transit.
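The review described above is a gap analysis: list every place PII sits or moves, check each against the "all PII must be encrypted" policy, and attach a compensating control where the existing ones fall short. The script below is an added example, not part of the original text; the asset inventory, the control names ("column-encryption", "tls", and so on) and the mapping of which controls satisfy the policy for which asset kind are all constructed assumptions for illustration.

```python
"""Gap analysis for an 'all PII must be encrypted' policy.

Added example (not from the original text). It models the scenario in the
section: PII is encrypted at rest in databases but crosses the network in
cleartext, and a compensating control (TLS on the network path) closes the
gap. All inventory data and control names are constructed for illustration.
"""
from dataclasses import dataclass, field


@dataclass
class Asset:
    """One place PII is stored or moves through (constructed inventory entry)."""
    name: str
    kind: str                                   # "at-rest" or "in-transit"
    holds_pii: bool
    controls: set = field(default_factory=set)  # e.g. {"disk-encryption", "tls"}


# Which controls satisfy the encryption policy for each asset kind.
# This mapping is an assumption made for the example.
SATISFYING_CONTROLS = {
    "at-rest": {"disk-encryption", "column-encryption"},
    "in-transit": {"tls", "ipsec"},
}


def find_gaps(inventory):
    """Return names of PII-holding assets that have no policy-satisfying control."""
    gaps = []
    for asset in inventory:
        if not asset.holds_pii:
            continue  # policy only covers PII
        if not (asset.controls & SATISFYING_CONTROLS[asset.kind]):
            gaps.append(asset.name)
    return gaps


def add_compensating_control(inventory, asset_name, control):
    """Attach a compensating control to one asset and return the updated asset."""
    for asset in inventory:
        if asset.name == asset_name:
            asset.controls.add(control)
            return asset
    raise KeyError(f"no asset named {asset_name!r}")


def build_inventory():
    """Constructed inventory mirroring the section's scenario."""
    return [
        Asset("customer-db", "at-rest", True, {"column-encryption"}),
        Asset("hr-db", "at-rest", True, {"disk-encryption"}),
        Asset("web-to-customer-db", "in-transit", True, set()),  # cleartext PII
        Asset("public-cdn", "in-transit", False, set()),         # no PII, out of scope
    ]


def demo():
    """Run the review before and after adding the compensating control."""
    inventory = build_inventory()
    before = find_gaps(inventory)
    add_compensating_control(inventory, "web-to-customer-db", "tls")
    after = find_gaps(inventory)
    return before, after


if __name__ == "__main__":
    before, after = demo()
    print("gaps before:", before)                       # ['web-to-customer-db']
    print("gaps after compensating control:", after)    # []
```

The first pass reports only the network path, because the databases already carry a preventive control that meets the policy; adding TLS to that path is the compensating control, and the second pass comes back clean. In a real review the inventory would come from asset and data-flow records rather than a hard-coded list.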
Corrective

A corrective control modifies the environment to return systems to normal after an unwanted or unauthorized activity has occurred. It attempts to correct any problems that occurred as a result of a security incident. Corrective controls can be simple, such as terminating malicious activity or rebooting a system. They also include antivirus solutions that can remove or quarantine a virus, backup and restore plans to ensure that lost data can be restored, and active IDSs that can modify the environment to stop an attack in progress. The control is deployed to repair or restore resources, functions, and capabilities after a violation of security policies.
Recovery

Recovery controls are an extension of corrective controls but have more advanced or complex abilities. Examples of recovery controls include backups and restores, fault-tolerant drive systems, system imaging, server clustering, antivirus software, and database or virtual machine shadowing. In relation to business continuity and disaster recovery, recovery controls can include hot sites, warm sites, cold sites, alternate processing facilities, service bureaus, reciprocal agreements, cloud providers, rolling mobile operating centers, and multisite solutions.
Understand and Apply Risk Management Concepts