What Controls?
Firewalls are a typical implementation of this kind of security control
What is a Technical security control?
Encryption is a technical control, but is an example of this category of security control
What is a Preventative security control?
This proves I did what I did
What is Non-Repudiation?
This is a contingency plan in case a change does not go as planned or has unforeseen consequences
What is a Backout Plan?
javainuse.com/aesgenerator <---this might be helpful, all the information you need is there
This system enables secure communication and encryption without needing to share private keys
What is PKI Public Key Infrastructure?
This type of control focuses on policies, procedure, and strategies for security
What is a Managerial Control?
These are two examples of deterrent security controls
What are warning signs, security patrols, lights, announcements (other possibilities)?
This shows the difference between where security measures are and where they are desired to be
What is a Gap Analysis?
This refers to the numbering of software, used to track what software is being used and to ensure that systems are running the expected software
What is Version Control?
This is the method of hiding data within another piece of data, can be detected through hashing if you have a known original version of the data
What is Steganography?
Wilma was tasked with evaluating entryways to see if bollards are appropriate. She determines that bollards are useful and recommends them to the CSO and is told that she can contact a contractor to get quotes. Bollards are an example of this kind of security control.
What is Physical security control?
This is how a detective security control achieves it's function
What is identify and respond to events after they occur, examples include IDS, audits, log monitoring?
This is the idea that you always verify identity and authentication factors before accepting a connection or anything else
What is Zero Trust?
This is the biggest and often most costly downside to the implementation of changes in most scenarios, assuming there are no issues stemming from the change itself
What is Downtime?
This is the method of using a substitute piece of data in place of a sensitive piece of data, like a credit card number or health information
What is Tokenization?
Using an Incident Response Plan is an example of this kind of security control.
What is Operational security control?
An Incident Response plan is an operational control but is also this category of security control
What is a Corrective security control?
This is the last thing you should do when writing an ACL
What is writing an Implicit Deny?
This should be performed to understand the short and long term security implications of a change before it is implemented, used to understand the potential risks of a change
What is an Impact Analysis?
This resource on a CA tracks certificates that are no longer valid before their expiration date due to compromise, loss, or other security concerns
What is a CRL Certificate Revocation List?
A risk assessment is an example of this kind of security control.
What is a Managerial security control?
This category of security control focuses on using alternatives as a mitigation tactic when other security controls may be lacking.
What is a Compensating security control?
These are used to attempt to understand the behavior of a malicious actor on a single host with no production data on it
What is a Honeypot?
These are stated so that users and customers know when to expect systems to be offline for a change
What is a Maintenance Window?
This refers to the most trusted authority on a certificate, the one that requires no external validation
What is the Root of Trust?