Questions
1. What does a Cybersecurity Specialist/Technician do?
2. What is the primary focus of a Cyber Crime Analyst/Investigator?
3. What is the main responsibility of an Incident Analyst/Responder?
4. What is the role of a Cybersecurity Analyst?
5. What are the responsibilities of a Cybersecurity Manager/Administrator?
6. What does a Cybersecurity Engineer focus on?
7. What is the role of the Chief Information Security Officer (CISO)?
8. What is the definition and purpose of a Security Operations Center (SOC)?
9. What are the three critical requirements for a SOC to be successful?
10. What is an "Indicator of Compromise" (IoC)?
11. What is a Security Control?
12. What are "Technical (Logical) Controls" according to NIST SP 800-53?
13. What are "Operational Controls"?
14. What are "Managerial Controls"?
15. What is the function of a "Preventative Control"?
16. What is the function of a "Detective Control"?
17. What is the function of a "Corrective Control"?
18. What is a "Physical Control"?
19. What is a "Deterrent Control"?
20. What is a "Compensating Control"?
20b. What is a "Responsive Control"?
21. How should you select security controls for a system?
Answers
1. Cybersecurity Specialist/Technician: Performs system configuration under the
direction of a cybersecurity analyst.
Does system configuration under the direction of a cybersecurity analyst
2. Cyber Crime Analyst/Investigator: Works in digital forensics to investigate crimes.
Investigates crime
3. Incident Analyst/Responder: Responds to data breaches and cyberattacks.
Responds to data breaches and cyberattacks
4. Cybersecurity Analyst: Senior role responsible for protecting sensitive information and
preventing unauthorized access.
Protects sensitive information and prevents unauthorized access.
5. Cybersecurity Manager/Administrator: Monitors network operations and manages the
infrastructure.
Monitors the network and manages the infrastructure
6. Cybersecurity Engineer: Designs the security system and builds tools/techniques for the
organization.
Designs the security system
7. Chief Information Security Officer (CISO): Senior executive responsible for the entire
security posture.
Responsible for entire security posture
8. Security Operations Center (SOC): Location where professionals monitor and protect
critical information assets.
Monitor and protect information assets
9. SOC Requirements: Authority to operate, skilled professionals, and centralized processes.
10. Indicator of Compromise (IoC): Evidence indicating a system has been successfully attacked
or compromised.
11. Security Control: Mitigates vulnerabilities and risk to ensure data CIA, non-repudiation,
and authentication.
12. Technical (Logical) Controls: Implemented as a system (hardware, software, or firmware).
Technical security control = hardware and software implemented to manage and reduce risk.
Examples:
Antivirus
Firewall
Intrusion detection system (IDS)
13. Operational Controls: Implemented primarily by people rather than systems.
Operational security control = protect data on a day-to-day basis governed by human actions
Examples: changing password every 90 days, backups, user training programs
14. Managerial Controls: Provides oversight of the information system.
Managerial security control = strategic planning and governance of security
Examples: Training programs, security policies, incident response
15. Preventative Control: Eliminates or reduces the likelihood of a successful attack.
Preventative security control = implemented to prevent security threats
Example: A firewall is a preventative control because it filters incoming and outgoing
traffic to block harmful data packets.
16. Detective Control: Identifies and records attempted or successful intrusions.
Detective controls = monitor and alert on malicious activities
Example: IDS
17. Corrective Control: Eliminates or reduces the impact of an intrusion event.
Corrective controls = mitigate damage and restore the system to a normal state.
Example: An antivirus removing malware
18. Physical Control: Acts against in-person intrusion attempts.
Physical security control = protect against external and internal threats so only authorized
people can access specific areas or assets.
Examples: cameras, security guards, biometric scanners
19. Deterrent Control: Discourages intrusion attempts.
Deterrent controls = something that discourages attackers.
Example: A pop-up on the company website to let attackers know they are being monitored.
20. Compensating Control: Acts as a substitute for a principal control.
Compensating controls = alternative measures implemented when primary security controls
are not effective.
20b. Responsive Control: A system that monitors for attacks and mitigates them (for example,
a network firewall).
21. Selecting Security Controls: Use CIA principles to ensure coverage; the specific application
depends on risk.