click below
click below
Normal Size Small Size show me how
1.1 Security+
Security+ Exam - General Security Concepts
| Term | Definition | Examples |
|---|---|---|
| Technical Security Controls | security measures implemented through hardware or software to protect systems, networks, and data | Ex. Firewalls |
| Managerial Security Controls | admin. security controls that are policies, procedures, and guidelines that manage and direct an organization's security efforts | Ex. Strong password policy within a company |
| Operational Security Controls | processes and procedures carried out by people to ensure the effective implementation and day-to-day management of security | Ex. Security guards checking a badge for entry |
| Physical Controls | security measures designed to protect physical assets and facilities from an unauthorized access or damage Ex. A locked data center with a RFID access scanner | Ex. A locked data center with a RFID access scanner |
| Preventative Control Types | security measures designed to stop security incidents or unauthorized actions before they occur Ex. MFA, Firewall, Strong passwords | Ex. MFA, Firewall, Strong passwords |
| Deterrent Control Types | security controls are measures designed to discourage potential attackers from attempting a security violation Ex. Security camera sign posted outside of the office | Ex. Security camera sign posted outside of the office |
| Detective Control Types | measures designed to identify and detect security incidents or unauthorized activities after they occur or are in progress Ex. An IDS (intrusion detection system) that monitors network traffic and alerts administers of suspicious activity | Ex. An IDS (intrusion detection system) that monitors network traffic and alerts administers of suspicious activity |
| Corrective Control Types | measures designed to fix or restore systems after a security incident has occurred Ex. Patch update applied to a system to fix a vulnerability after it has been discovered | Ex. Patch update applied to a system to fix a vulnerability after it has been discovered |
| Compensating Control Type | alternative measures put in place when a primary control cannot be implemented, providing a similar level of protection Ex. Increased monitoring and logging when a MFA cannot be supported by a system | Ex. Increased monitoring and logging when a MFA cannot be supported by a system |
| Directive Control Type | security measures that guide and instruct users on proper behavior to ensure security policies are followed Ex. An AUP (Acceptable use policy) that tells employees how they are allowed to use company systems and data | Ex. An AUP (Acceptable use policy) that tells employees how they are allowed to use company systems and data |