Operations Controls: Day-to-day procedures used to protect computer operations.
Resource Protection: The concept of protecting an organization's computing resources and assets from loss or compromise. Covers hardware, software and data resources.
Hardware Controls:
- Hardware Maintenance
- Maintenance Accounts
- Diagnostics Port Control
- Hardware Physical Control
Privileged Entity Controls / Privileged operations functions:
- Special access to system commands
- Access to special parameters
- Access to the system control program
Media Resource Protection: Implemented to protect against any security threat from intentional or unintentional exposure of sensitive data.
- Media Security Controls: Should be designed to prevent the loss of sensitive information and can be:
  - Logging
  - Access control
  - Proper disposal
- Media Viability Controls: Should be used to protect the viability of the data storage media. This is required in the event of a system recovery process.
  - Marking
  - Handling
  - Storage
Physical Access Controls: Covers
- Hardware
- Software
Special arrangements for supervision must be made when external support providers are entering a data center.
Piggybacking: When an unauthorized person goes through a door behind an authorized person. The "man trap" concept is designed to prevent it.