-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathtypes of sec ctrls.html
52 lines (48 loc) · 12.3 KB
/
types of sec ctrls.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta http-equiv="X-UA-Compatible" content="ie=edge">
<title>Markmap</title>
<style>
* {
margin: 0;
padding: 0;
}
#mindmap {
display: block;
width: 100vw;
height: 100vh;
}
</style>
<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/[email protected]/dist/style.css">
</head>
<body>
<svg id="mindmap"></svg>
<script src="https://cdn.jsdelivr.net/npm/[email protected]/dist/d3.min.js"></script>
<script src="https://cdn.jsdelivr.net/npm/[email protected]/dist/browser/index.js"></script>
<script src="https://cdn.jsdelivr.net/npm/[email protected]/dist/index.js"></script>
<script>(r => {
setTimeout(r);
})(() => {
const {
markmap,
mm
} = window;
const {
el
} = markmap.Toolbar.create(mm);
el.setAttribute('style', 'position:absolute;bottom:20px;right:20px');
document.body.append(el);
})</script>
<script>((getMarkmap, getOptions, root2, jsonOptions) => {
const markmap = getMarkmap();
window.mm = markmap.Markmap.create(
"svg#mindmap",
(getOptions || markmap.deriveOptions)(jsonOptions),
root2
);
})(() => window.markmap, null, { "content": "Types of Security Controls", "children": [{ "content": "Technical Security Controls", "children": [{ "content": "Controls implemented through technology, often hardware or software-based.", "children": [{ "content": "Firewalls" }, { "content": "Encryption" }, { "content": "Intrusion detection systems" }, { "content": "Authentication mechanisms" }, { "content": "Access controls" }, { "content": "Provides direct, often automated protection, detection, and response. Can scale across large infrastructures.", "children": [], "payload": { "lines": "6,7" } }, { "content": "Vulnerable to technical failures or software vulnerabilities. Can become obsolete with technological advancement.", "children": [], "payload": { "lines": "7,9" } }], "payload": { "lines": "4,9" } }], "payload": { "lines": "2,3" } }, { "content": "Managerial Security Controls", "children": [{ "content": "Controls involving strategies, governance, and organizational approach to information security.", "children": [{ "content": "Risk assessments" }, { "content": "Security policies and procedures" }, { "content": "Security training programs" }, { "content": "Vendor management" }, { "content": "Addresses overall security posture and ensures compliance with legal and regulatory requirements. Essential for strategic decision-making.", "children": [], "payload": { "lines": "13,14" } }, { "content": "Effectiveness influenced by managerial commitment. Requires regular review and updating.", "children": [], "payload": { "lines": "14,16" } }], "payload": { "lines": "11,16" } }], "payload": { "lines": "9,10" } }, { "content": "Operational Security Controls", "children": [{ "content": "Controls focused on operations and associated with day-to-day tasks and procedures.", "children": [{ "content": "Backup and recovery procedures" }, { "content": "User awareness training" }, { "content": "Incident response procedures" }, { "content": "Change management" }, { "content": "Directly addresses user behavior and day-to-day operations, often the weak points in security.", "children": [], "payload": { "lines": "20,21" } }, { "content": "Requires continuous monitoring and relies on users or administrators to follow procedures correctly. Vulnerable to human error.", "children": [], "payload": { "lines": "21,23" } }], "payload": { "lines": "18,23" } }], "payload": { "lines": "16,17" } }, { "content": "Physical Security Controls", "children": [{ "content": "Controls designed to protect the physical environment of information assets.", "children": [{ "content": "Security guards" }, { "content": "Fences" }, { "content": "Locks" }, { "content": "CCTV cameras" }, { "content": "Biometric access controls" }, { "content": "Secure server rooms" }, { "content": "Fire suppression systems" }, { "content": "Provides tangible protection against physical threats such as theft, damage, and natural disasters.", "children": [], "payload": { "lines": "27,28" } }, { "content": "Does not protect against remote cyber threats. Requires physical maintenance.", "children": [], "payload": { "lines": "28,30" } }], "payload": { "lines": "25,30" } }], "payload": { "lines": "23,24" } }, { "content": "Contrast of Security Controls", "children": [{ "content": "Implementation Nature:", "children": [{ "content": "Technical controls: Implemented through IT systems and infrastructure.", "children": [], "payload": { "lines": "33,34" } }, { "content": "Managerial controls: Executed at the decision-making level.", "children": [], "payload": { "lines": "34,35" } }, { "content": "Operational controls: Related to routine processes.", "children": [], "payload": { "lines": "35,36" } }, { "content": "Physical controls: Pertains to tangible assets and facilities.", "children": [], "payload": { "lines": "36,37" } }], "payload": { "lines": "32,37" } }, { "content": "Vulnerabilities:", "children": [{ "content": "Technical: Vulnerable to technological flaws.", "children": [], "payload": { "lines": "38,39" } }, { "content": "Managerial: Vulnerable to a lack of leadership commitment.", "children": [], "payload": { "lines": "39,40" } }, { "content": "Operational: Vulnerable to human errors.", "children": [], "payload": { "lines": "40,41" } }, { "content": "Physical: Vulnerable to physical access breaches.", "children": [], "payload": { "lines": "41,42" } }], "payload": { "lines": "37,42" } }, { "content": "Overhead and Maintenance:", "children": [{ "content": "Technical: High initial costs and need consistent updating.", "children": [], "payload": { "lines": "43,44" } }, { "content": "Managerial: Require periodic review and adaptation.", "children": [], "payload": { "lines": "44,45" } }, { "content": "Operational: Demand continuous user training and oversight.", "children": [], "payload": { "lines": "45,46" } }, { "content": "Physical: Need regular physical maintenance and checks.", "children": [], "payload": { "lines": "46,47" } }], "payload": { "lines": "42,47" } }, { "content": "Application Domain:", "children": [{ "content": "Technical: Pertinent in IT and digital domains.", "children": [], "payload": { "lines": "48,49" } }, { "content": "Managerial: Span across all organizational areas.", "children": [], "payload": { "lines": "49,50" } }, { "content": "Operational: Common in IT operations, HR, and other daily functions.", "children": [], "payload": { "lines": "50,51" } }, { "content": "Physical: Crucial for facilities management and asset safeguarding.", "children": [], "payload": { "lines": "51,53" } }], "payload": { "lines": "47,53" } }], "payload": { "lines": "30,31" } }, { "content": "Types of Security Controls Based on Functionality", "children": [{ "content": "Preventive Security Controls", "children": [{ "content": "Controls aiming to prevent an incident or breach from occurring.", "children": [{ "content": "Firewalls" }, { "content": "Access controls" }, { "content": "Strong password policies" }, { "content": "Encryption" }, { "content": "Security training" }, { "content": "Act proactively to ward off potential threats.", "children": [], "payload": { "lines": "59,61" } }], "payload": { "lines": "57,61" } }], "payload": { "lines": "55,56" } }, { "content": "Deterrent Security Controls", "children": [{ "content": "Controls that deter or discourage threat actors by increasing risk or reducing reward.", "children": [{ "content": "Warning banners" }, { "content": "Visible surveillance cameras" }, { "content": "Account lockout mechanisms" }, { "content": "Serve as a discouragement, making it less appealing for an attacker to proceed.", "children": [], "payload": { "lines": "65,67" } }], "payload": { "lines": "63,67" } }], "payload": { "lines": "61,62" } }, { "content": "Detective Security Controls", "children": [{ "content": "Controls designed to discover or detect unwanted or unauthorized activity.", "children": [{ "content": "Intrusion detection systems (IDS)" }, { "content": "Audit logs" }, { "content": "Security information and event management (SIEM) systems" }, { "content": "Anomaly detection" }, { "content": "Identify and alert on anomalies or security incidents.", "children": [], "payload": { "lines": "71,73" } }], "payload": { "lines": "69,73" } }], "payload": { "lines": "67,68" } }, { "content": "Corrective Security Controls", "children": [{ "content": "Controls that limit the extent of damage and correct the situation after a security incident is detected.", "children": [{ "content": "Antivirus software" }, { "content": "Incident response teams" }, { "content": "Backup/restoration tools" }, { "content": "Patches for vulnerabilities" }, { "content": "Remediate and recover from a detected security incident.", "children": [], "payload": { "lines": "77,79" } }], "payload": { "lines": "75,79" } }], "payload": { "lines": "73,74" } }, { "content": "Compensating Security Controls", "children": [{ "content": "Controls that provide alternative measures when primary controls are ineffective or unfeasible.", "children": [{ "content": "Stringent password policy" }, { "content": "Continuous user behavior monitoring as alternatives to multifactor authentication" }, { "content": "Act as a backup or alternative to primary security controls.", "children": [], "payload": { "lines": "83,85" } }], "payload": { "lines": "81,85" } }], "payload": { "lines": "79,80" } }, { "content": "Directive Security Controls", "children": [{ "content": "Controls used to guide or constrain user actions through mandatory or recommended actions.", "children": [{ "content": "Acceptable use policies" }, { "content": "Security policies" }, { "content": "Guidelines" }, { "content": "Procedures" }, { "content": "Standards" }, { "content": "Provide a roadmap or guidance for security best practices within an organization.", "children": [], "payload": { "lines": "89,91" } }], "payload": { "lines": "87,91" } }], "payload": { "lines": "85,86" } }], "payload": { "lines": "53,54" } }, { "content": "Contrast of Functional Security Controls", "children": [{ "content": "Stage of Intervention:", "children": [{ "content": "Preventive: Act before an incident.", "children": [], "payload": { "lines": "94,95" } }, { "content": "Deterrent: Discourage attackers.", "children": [], "payload": { "lines": "95,96" } }, { "content": "Detective: Operate during or after the incident.", "children": [], "payload": { "lines": "96,97" } }, { "content": "Corrective: Act post-incident to restore and rectify.", "children": [], "payload": { "lines": "97,98" } }, { "content": "Compensating: Work as alternatives to main controls.", "children": [], "payload": { "lines": "98,99" } }, { "content": "Directive: Provide guidelines for action throughout all stages.", "children": [], "payload": { "lines": "99,100" } }], "payload": { "lines": "93,100" } }, { "content": "Interaction with Threat Actors:", "children": [{ "content": "Preventive: Directly counteract threats.", "children": [], "payload": { "lines": "101,102" } }, { "content": "Deterrent: Scare attackers away.", "children": [], "payload": { "lines": "102,103" } }, { "content": "Detective: Monitor and alert on activities.", "children": [], "payload": { "lines": "103,104" } }, { "content": "Corrective: Nullify or reduce impact.", "children": [], "payload": { "lines": "104,105" } }, { "content": "Compensating: Act as secondary barriers.", "children": [], "payload": { "lines": "105,106" } }, { "content": "Directive: Set the stage for all other controls.", "children": [], "payload": { "lines": "106,107" } }], "payload": { "lines": "100,107" } }, { "content": "Flexibility and Adaptability:", "children": [{ "content": "Preventive, Deterrent, Detective: Specific to certain threats.", "children": [], "payload": { "lines": "108,109" } }, { "content": "Corrective: Based on detected incidents.", "children": [], "payload": { "lines": "109,110" } }, { "content": "Compensating: Adaptable custom solutions.", "children": [], "payload": { "lines": "110,111" } }, { "content": "Directive: Broad and flexible guidance.", "children": [], "payload": { "lines": "111,113" } }], "payload": { "lines": "107,113" } }], "payload": { "lines": "91,92" } }], "payload": { "lines": "0,1" } }, {})</script>
</body>
</html>