Security Control Types

Controls are broken down into control types such as administrative, physical, and technical. Read this section, which will help you differentiate between administrative, technical, and physical control types.

Security controls can be classified into three categories:

Administrative controls, which include:

  • Developing and publishing policies, standards, procedures, and guidelines.
  • Screening personnel.
  • Conducting security-awareness training.
  • Implementing change control procedures.

Technical or logical controls, which include:

  • Implementing and maintaining access control mechanisms.
  • Password and resource management.
  • Identification and authentication methods.
  • Security devices.
  • Configuration of the infrastructure.

Physical controls, which include:

  • Controlling individual access into the facility and different departments.
  • Locking systems and removing unnecessary floppy or CD-ROM drives.
  • Protecting the perimeter of the facility.
  • Monitoring for intrusion.
  • Environmental controls.

Security Note: The information owner (usually a senior executive within the management group or the head of a specific department) is responsible for protecting the data. This responsibility is a matter of due care: the owner can be held liable in a court of law for any kind of negligence.

Source: https://en.wikibooks.org/wiki/Fundamentals_of_Information_Systems_Security/Information_Security_and_Risk_Management#Security_Controls
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 License.

Last modified: Thursday, April 15, 2021, 2:35 PM