CompTIA Security+ SY0-601 – 5.1 Various types of controls

  • April 6, 2023

1. Control Types and Categories

In this video I’m going to be covering the different categories and types of controls that are on your exam. Now this is a very good topic for exam questions. They will test the hell out of you on this. You want to make sure you know it well. So there are three categories of controls that we need to talk about and there are six control types, and they generally go together, so let’s go through what they are and how controls fall into them. First of all, what are controls? Well, controls are the things we use to secure our environment. A firewall is a preventive control. A security guard is a preventive control. User awareness training, that’s a control. Configuring an IDS, that’s a control.

So the controls that we implement, all the controls that we have talked about in this class and are going to talk about, basically fall into these control types and categories. Let’s take a look at what they are. The first thing I have here is the concept of categories. There are three categories: managerial or management controls, operational controls and technical controls. Management controls relate to what management is going to be doing, more the management of information security. Controls that fall in here are going to be things like risk assessment, doing different types of planning, and planning for how we’re going to manage security in the future and currently.

Systems acquisition, or acquiring systems: how are we going to do that? And then the other ones are going to be things like certifying systems and accrediting systems to come into production, because generally management will determine whether we should be installing systems on our network, so they’re going to accredit those systems to be installed. The next part we have is operational controls. Operational controls include a lot. An operational control deals directly with people; it’s implemented and executed by people. Operational controls are going to be things that we’ll do to secure personnel safety, environmental controls such as HVAC systems, contingency planning, disaster recovery planning, BCP planning, configuration, and maintenance of physical environments.

It also includes media protection, physical media protection, incident response, and also user awareness training. So all of that is going to apply to operational controls. Now the other thing we have is technical controls, and this is the one you tech folks are going to like. This is doing identification and authentication, such as using biometric systems. This is where we’re going to have different forms of technical access controls like firewalls, IDS systems, logging and monitoring of our computer systems, and different types of communication protections. Encryption also falls into this category. So these are the three categories you have: managerial, operational and technical. Now the other thing here is control types. Here you have six of them.

Now a preventive control can stop someone from coming into your network. Preventive controls are stopping controls. Security guards can stop someone. A security dog or a firewall can stop someone. So these are preventive controls. They can prevent intrusion. Detective controls can detect intrusions that are happening in your network. Think of an intrusion detection system; camera systems could also do that. You also have corrective controls. Corrective controls are for when there has been an intrusion and things need to be fixed. Reimaging the machine is a corrective control, as is reinstalling Windows or recovering data.

How do we scare off intruders? Well, cameras are a great way to detect intruders, as are sensor systems, different types of sensors like motion detectors. But cameras are also great deterrents, and so are security guards. Notice how these things have fallen into multiple control types. Security guards are also great deterrent controls. So deterrent controls are controls that scare people off. One of the last ones here is physical controls. You’ll notice I skipped one; I’ll come back to it in a minute. Physical controls are things that you can physically touch and feel. Things like cable locks to lock down a computer, security guards, cameras, door locks, guard dogs, HVAC systems to keep your environment cool. These are all considered physical. So if you can touch and feel it, it’s generally considered a physical control.

Now what happens if you don’t have the best control? Well, many times an organization may not have the best control out there, so they have to use a compensating control. For example, you know what’s a good control to have? Separation of duties, in which you break up the duties among the people doing the task. This helps to reduce fraud. If one person can write the check, sign the check and cash the check, they can commit a lot of fraud, because nobody’s going to check on somebody stealing money. But once you do separation of duties, you break that up among three different people. In order to do this, though, you need to have money, and companies may not have the best control. Separation of duties is a great control.

So what you do have is compensating controls. What you have to do is monitor the user more, since you don’t have the best control. Take the second best one; that’s considered a compensating control. Okay, make sure you watch this video again and review this section again. You’re probably going to get a question or two on the exam where they’re going to give you a list of controls and they’re going to say: which one of these is going to stop an intrusion? Which one of these is going to be able to detect an intrusion? Which one of these is operational? Which one of these is a technical control? So you’re going to have to actually know what these are when it comes to taking your exam.
