Security Controls - secuguru/security-terms GitHub Wiki

Security controls are measures implemented to reduce risk, protect assets, and ensure the integrity, confidentiality, and availability of information systems. They are used to prevent, detect, mitigate, and respond to threats and vulnerabilities in a system or network. Security controls can be technical, physical, or administrative in nature, and they work together to create a layered defense that safeguards an organization’s data and resources.

Types of Security Controls:

  1. Preventive Controls:
  • Purpose: Prevent security incidents by stopping unauthorized access or actions before they occur.
  • Examples:
    • Firewalls: Block unauthorized access to network resources.
    • Access Control: Limits access based on roles, permissions, or attributes to ensure only authorized users can perform specific actions.
    • Encryption: Protects data in transit or at rest, making it unreadable to unauthorized users.
    • Multi-Factor Authentication (MFA): Requires additional verification factors for access, reducing the risk of unauthorized login.
  1. Detective Controls:
  • Purpose: Identify and detect incidents or suspicious activities in real time, allowing for a quick response.
  • Examples:
    • Intrusion Detection Systems (IDS): Monitors network traffic to detect potential threats, such as malware or port scanning.
    • SIEM Systems: Collects and analyzes log data from various sources to detect security incidents and generate alerts.
    • File Integrity Monitoring: Tracks changes to critical files, alerting security teams of unexpected modifications.
    • Security Audits: Regular audits to detect non-compliance with security policies and procedures.
  1. Corrective Controls:
  • Purpose: Respond to and fix issues after they have been detected, minimizing the impact of an incident.
  • Examples:
    • Patching: Applies updates to software and systems to fix vulnerabilities after they’ve been identified.
    • Backup and Restore: Restores data or systems to an operational state following a compromise, such as ransomware.
    • Incident Response: Steps taken by a security team to contain, investigate, and mitigate the effects of an attack.
  1. Deterrent Controls:
  • Purpose: Discourage attackers from attempting to breach systems by increasing the perceived difficulty of an attack.
  • Examples:
    • Security Awareness Training: Educates employees on security best practices, reducing the likelihood of social engineering attacks.
    • Warning Signs and Legal Notices: Visible signs indicating that unauthorized access is monitored, deterring potential attackers.
    • Physical Security Measures: Security cameras, guards, and signage that deter unauthorized access.
  1. Compensating Controls:
  • Purpose: Provide alternative protections when primary controls cannot be implemented.
  • Examples:
    • Network Segmentation: Divides the network into isolated segments to limit access to sensitive areas.
    • Application Whitelisting: Allows only trusted applications to run, providing security when full application control isn’t possible.
    • Access Logging and Monitoring: Used as a compensating control when strict access control mechanisms are unavailable.
  1. Physical Controls:
  • Purpose: Protect the physical infrastructure where data and systems are stored, limiting access to authorized personnel.
  • Examples:
    • Locks: Secures doors, cabinets, or equipment from unauthorized access.
    • Security Cameras: Monitor physical spaces to detect and deter unauthorized access.
    • Biometric Scanners: Use physical characteristics, like fingerprints or retina scans, to verify identity.
  1. Administrative Controls:
  • Purpose: Implement policies, procedures, and guidelines to manage security within an organization.
  • Examples:
    • Security Policies: Define acceptable use, data protection, and access control policies.
    • Incident Response Plan: Provides steps for responding to and recovering from security incidents.
    • Risk Assessment: Evaluates and prioritizes security risks within the organization to focus on critical areas.
    • Employee Training and Awareness: Educates staff on security protocols and how to recognize potential threats.

Importance of Layered Security Controls:

A strong security posture relies on a combination of these security controls. Using multiple types of controls in a layered or defense-in-depth approach creates redundancies, so if one control fails, others are still in place to protect assets. For instance, even if a firewall (preventive) is bypassed, an intrusion detection system (detective) can still alert security teams of suspicious activity, and backup systems (corrective) can recover lost data.

Summary:

Security Controls are critical measures to protect information and systems from security threats. They can be preventive, detective, corrective, deterrent, compensating, physical, or administrative. Each type serves a unique role in securing an organization, and together they provide a robust defense strategy to detect, prevent, and respond to potential security incidents.