What Controls?
Even More Controls?
We put the Fun in Fundamentals
Ch Ch Changes
zOnBZ1xZaM1hZ+GXNGEVkoCTd0adLvURYtUe38eMFqxAVdyK7tzAk8fb/GHW2bRuTo//AF6bm1yshzJId+Q5+DVyhvoG818WfrrNOmGhBs4=
100

Firewalls are a typical implementation of this kind of security control

What is a Technical security control?

100

Encryption is a technical control, but is an example of this category of security control

What is a Preventative security control?

100

This proves I did what I did

What is Non-Repudiation?

100

This is a contingency plan in case a change does not go as planned or has unforeseen consequences

What is a Backout Plan?

100

javainuse.com/aesgenerator <---this might be helpful, all the information you need is there

This system enables secure communication and encryption without needing to share private keys

What is PKI Public Key Infrastructure?

200

This type of control focuses on policies, procedure, and strategies for security

What is a Managerial Control?

200

These are two examples of deterrent security controls

What are warning signs, security patrols, lights, announcements (other possibilities)?

200

This shows the difference between where security measures are and where they are desired to be

What is a Gap Analysis?

200

This refers to the numbering of software, used to track what software is being used and to ensure that systems are running the expected software

What is Version Control?

200

This is the method of hiding data within another piece of data, can be detected through hashing if you have a known original version of the data

What is Steganography?

300

Wilma was tasked with evaluating entryways to see if bollards are appropriate. She determines that bollards are useful and recommends them to the CSO and is told that she can contact a contractor to get quotes. Bollards are an example of this kind of security control.

What is Physical security control?

300

This is how a detective security control achieves it's function

What is identify and respond to events after they occur, examples include IDS, audits, log monitoring?

300

This is the idea that you always verify identity and authentication factors before accepting a connection or anything else

What is Zero Trust?

300

This is the biggest and often most costly downside to the implementation of changes in most scenarios, assuming there are no issues stemming from the change itself

What is Downtime?

300

This is the method of using a substitute piece of data in place of a sensitive piece of data, like a credit card number or health information 

What is Tokenization?

400

Using an Incident Response Plan is an example of this kind of security control.

What is Operational security control?

400

An Incident Response plan is an operational control but is also this category of security control

What is a Corrective security control?

400

This is the last thing you should do when writing an ACL

What is writing an Implicit Deny?

400

This should be performed to understand the short and long term security implications of a change before it is implemented, used to understand the potential risks of a change

What is an Impact Analysis?

400

This resource on a CA tracks certificates that are no longer valid before their expiration date due to compromise, loss, or other security concerns

What is a CRL Certificate Revocation List?

500

A risk assessment is an example of this kind of security control.

What is a Managerial security control?

500

This category of security control focuses on using alternatives as a mitigation tactic when other security controls may be lacking.

What is a Compensating security control?

500

These are used to attempt to understand the behavior of a malicious actor on a single host with no production data on it

What is a Honeypot?

500

These are stated so that users and customers know when to expect systems to be offline for a change

What is a Maintenance Window? 

500

This refers to the most trusted authority on a certificate, the one that requires no external validation

What is the Root of Trust?

M
e
n
u