Access Control Types (P - Physical / A - Administrative / T - Technical)
Preventative: Controls used to deter and avoid undesirable events from taking place.
  P - Fences, Locks, Badge System, Security guard, Biometric system, Mantrap door, Lighting, CCTV, Alarms.
  A - Security policy, Monitoring and supervising, Separation of duties, Job rotation, Information Classification, Personnel procedures, Testing, Security awareness training.
  T - ACLs, Routers, Encryption, IDS, Antivirus software, Firewalls, Smart cards, Dial-up call-back systems.
Detective: Controls used to identify undesirable events that have occurred.
  P - Security guard, Biometric system, Motion detectors, CCTV, Alarms, Backups.
  A - Monitoring and supervising, Job rotation, Personnel procedures, Investigations, Security awareness training.
  T - Audit logs, IDS, Antivirus software, Firewalls.
Corrective: Controls used to correct undesirable events that have occurred.
  P - Fences, Locks, Badge System, Security guard, Biometric system, Mantrap door, Lighting, CCTV, Alarms.
  A - Security policy.
  T - IDS, Antivirus software.
Deterrent: Controls used to discourage security violations.
  P - Backups.
  A - Monitoring and supervising, Separation of duties, Personnel procedures.
  T - Encryption, IDS, Firewalls.
Recovery: Controls used to restore resources and capabilities.
  P - Fences, Locks, Security guard, Mantrap door, Lighting, Alarms, Backups.
  A -
  T - Antivirus software.
Compensation: Controls used to provide alternatives to other controls.
  P -
  A - Monitoring and supervising, Personnel procedures.
  T -
Review of audit information:
  Audit reduction - Reduces the amount of information within an audit log.
  Variance-detection tool - Monitors computer and resource usage trends and detects variations.
  Attack signature-detection tool - The application has a database of information that has been known to indicate specific attacks.
Keystroke Monitoring: Review and record keystrokes entered by a user during an active session.