Rahul Jamgade • Dec 19, 2017

Series on Information Security (Weekly) - Part2

Controls for Information Security

Security controls are safeguards or countermeasures that minimize security risks. These controls restrict access to information to authorized entities only. Controls can be categorized as:

a) Administrative / Procedural Controls

b) Technical / Logical Controls

c) Physical Controls

Administrative and Procedural Controls: These essentially include policies, procedures, standards, recommendations, guidelines, training etc. They deal with what people are supposed "To Do" and "Not To Do". Here the HR team and the Legal team play an important role. The organization's management also plays an important role, as it has the core responsibility of making sure that the policies and procedures are implemented. Management should also make sure that a proper reporting mechanism is in place and that action is taken against any irregularities in implementation.

Technical/Logical Controls: These controls include firewalls, access control systems such as file/directory access, access restrictions on databases and applications, password protection for host systems etc. These should be in line with the defined policy of the organization. Here the technical team plays a crucial role in making sure that there are no loopholes that could allow these controls to be bypassed.

Physical Controls: If we do not maintain proper physical controls, anyone can enter the organization's premises, and employees who are not authorized may enter the server rooms and steal devices and peripherals such as USB drives, CDs, DVDs and many more. There is also a chance that a person may shut down our systems, which leads to unavailability. Physical controls could include physical access control systems like biometric systems, gated entry, fences and other such security mechanisms that restrict a trespasser or intruder from entering a secured area of an organization.

N.B.: Let me know if you have any queries, if there is any topic that you want me to cover, and whether you like it or not. That helps me tune the material to the readers' needs... See you in the next part...
