Discussion – Security Controls
The three categories of security control in use today are preventative, detective, and responsive security control measures. The preventative controls are designed in such a way that they can identify and address various forms of vulnerabilities within an organization’s information system (Johnson 65). This is important because it prevents these weaknesses from becoming the gateway for cyber threats. Adoption of diligent risk management practices goes a long way in identifying potential weaknesses and fortifying the system against attacks. Some of the preventative controls for safeguarding the system of an organization include employee screening and training, separation of duties, and pre-approval of actions by employees within the organization (Johnson 69).
As the second type, detective controls perform the function of guardians by alerting the organization of all the available potential breach attempts. Detective controls serve as early-warning systems, providing sufficient time for the cyber security staff to deal with any data breach. The process of detecting and responding swiftly to threats goes a long way in limiting the damage paused, hence protecting the organization’s valuable assets (Yevseyeva et al. 1036). Moreover, detective controls are the most important because they locate errors that may accompany the execution of various transactions. Some examples of detective controls include conducting physical inventories of materials or cash in an organization, reviewing performance metrics, and conducting weekly or monthly reconciliations for all the transactions within each department (Yevseyeva et al. 1038).
Lastly, responsive controls are control measures designed to take charge of the remediation process from the data breaches after they have occurred. Automated responses can be implemented using responsive controls to address potential security issues. Furthermore, this type of security control can also work with preventive and detective controls to establish a holistic approach toward countering potential threats. Some examples of responsive controls include rebooting a system, patching a system, or quarantining a virus.
Works Cited
Johnson, Leighton. Security controls evaluation, testing, and assessment handbook. Academic Press, 2019.
Yevseyeva, Iryna, et al. “Selecting an optimal subset of security controls.” Procedia Computer Science 64 (2015): 1035-1042.
ORDER A PLAGIARISM-FREE PAPER HERE
We’ll write everything from scratch
Question
At the highest levels, there are three types of Security Controls: Preventative, Detective, and Responsive. Security controls must be implemented as one or more of these types. Otherwise, the controls are not there for security purposes.
Research to find at least two examples of controls or countermeasures for each of the above security controls. Which do you believe are the most important and why?
Your discussion posting in each lesson has two parts, each of which is scored separately but in one point total.
1. Your main discussion posting is a response to the question or request made by the discussion description. Your response must be at least 75 words in length, not including any quoted or sourced content, such as a cut and paste from other sources.