
SECURITY CONTROLS

DEFINITION

“Security controls are safeguards or countermeasures to avoid, detect,
counteract, or minimize security risks to physical property, information,
computer systems, or other assets.”
WHY SECURITY CONTROLS

To control, avoid, and safeguard data from:
• THREATS
• ATTACKS
• VULNERABILITY
ON
(CIA Architecture)
• CONFIDENTIALITY
• INTEGRITY
• AVAILABILITY
LEAST PRIVILEGE
Protection measures (otherwise known as security
controls) tend to fall into two categories.
• First, security weaknesses in the system need to
be resolved. For example, if a system has a
known vulnerability that attackers could exploit,
the system should be patched so that the
vulnerability is removed or mitigated.
• Second, the system should offer only the
required functionality to each authorized user,
so that no one can use functions that are not
necessary. This principle is known as least
privilege.
LEAST PRIVILEGE

Limiting functionality and resolving security
weaknesses have a common goal: give
attackers as few opportunities as possible to
breach a system.
TYPES OF CONTROLS

There are three types of security controls, as follows:
• Management controls
• Operational controls
• Technical controls
MANAGEMENT CONTROLS

“The security controls that focus on the
management of risk and the management
of information system security.”

EXAMPLE:
A security policy is a management control.
OPERATIONAL CONTROLS

“The security controls that are primarily
implemented and executed by people (as
opposed to systems).”

EXAMPLE:
A security policy is a management control, but
its security requirements are implemented by
people.
TECHNICAL CONTROLS
“The security controls that are primarily
implemented and executed by the system
through the system's hardware, software, or
firmware.”

EXAMPLE:
A security policy is a management control,
but its security requirements are implemented by people
(operational controls) and systems (technical controls).
CATEGORIES OF CONTROLS
They can be classified by several criteria. For example, according to
the time that they act, relative to a security incident:

• Before the event, PREVENTIVE CONTROLS are intended to prevent
an incident from occurring, e.g. by locking out unauthorized
intruders;
• During the event, DETECTIVE CONTROLS are intended to identify
and characterize an incident in progress, e.g. by sounding the
intruder alarm and alerting the security guards or police;
• After the event, CORRECTIVE CONTROLS are intended to limit the
extent of any damage caused by the incident, e.g. by recovering
the organization to normal working status as efficiently as possible.
CATEGORIES OF CONTROLS
According to their nature, for example:
• Physical controls, e.g. fences, doors, locks and fire
extinguishers;
• Procedural controls, e.g. incident response processes,
management oversight, security awareness and training;
• Technical controls, e.g. user authentication (login) and
logical access controls, antivirus software, firewalls.
PROBLEM WITH SECURITY CONTROLS

A common problem with security controls is that they
often make systems less convenient or more difficult to
use. When usability is an issue, many users will attempt to
circumvent security controls; for example, if passwords
must be long and complex, users may write them down.
Balancing security, functionality, and usability is often a
challenge. The goal should be to strike a proper
balance: provide a reasonably secure solution while
offering the functionality and usability that users require.
MULTIPLE LAYERS OF SECURITY
(DEFENCE IN DEPTH)

Another fundamental principle with security controls is using
multiple layers of security: defense in depth. For example,
sensitive data on a server may be protected from external
attack by several controls, including a network-based firewall,
a host-based firewall, and OS patching. The motivation for
having multiple layers is that if one layer fails or otherwise
cannot counteract a certain threat, other layers might
prevent the threat from successfully breaching the system. A
combination of network-based and host-based controls is
generally most effective at providing consistent protection.
REAL LIFE USES OF SECURITY
CONTROLS
Networks
System security
Offices
Server side
Client side
ADVANTAGES & DISADVANTAGES
ADVANTAGES:
• Protection from malicious attacks on your network.
• Deletion and/or quarantining of malicious elements within a
preexisting network.
• Prevent users from unauthorized access to the network.
DISADVANTAGES:
• Hacking: they can be hacked easily.
ANY QUESTIONS?

THANK YOU
