Series on Information Security (Weekly) - Part 2
Controls for Information Security
Security controls are safeguards or countermeasures that minimize security risks. These controls restrict access to information to authorized entities only. Controls can be categorized as:
a) Administrative / Procedural Controls
b) Technical / Logical Controls
c) Physical Controls
Administrative and Procedural Controls: These include policies, procedures, standards, recommendations, guidelines, training, etc. They deal with what people are supposed "To Do" and "Not To Do". The HR and Legal teams play an important role here. The organization's management also plays an important role, as it has the core responsibility of making sure that the policies and procedures are implemented. Management should also make sure that a proper reporting mechanism is in place and that action is taken against any irregularities in implementing them.
Technical/Logical Controls: These controls include firewalls, access control systems such as file/directory access, access restrictions on databases and applications, password protection on host systems, etc. These should be in line with the organization's defined policy. The technical team plays a crucial role here in making sure that there are no loopholes that could allow these controls to be bypassed.
Physical Controls: If proper physical controls are not in place, anyone can enter the organization's premises, and employees who are not authorized may enter the server rooms and steal devices and peripherals such as USB drives, CDs, DVDs and many more. There is also a chance that a person may shut down systems, which leads to unavailability. Physical controls include physical access control systems such as biometric systems, gated entry, fences and other security mechanisms that restrict a trespasser or intruder from entering a secured area of the organization.
N.B.: Let me know if you have any queries, any topic that you want me to cover, and whether you like it or not. That helps me tune the material to the readers' needs... See you in the next part....