kar- week3 discussion3 and replies

I’m stuck on a Computer Science question and need an explanation.

Examine the classifications of security controls (physical, administrative, and technical) and the types of security controls (preventive, detective, and corrective). Explain how these different types of controls are used to enforce security policies within an organization.

Explain the classifications and the type of security controls that are most challenging to implement. Include suggestions for overcoming these challenges.

Please provide a resource in the APA style.

words:250

read student posts and reply each in 150 words

sow – Examine the classifications of security controls (physical, administrative, and technical) and the types of security controls (preventive, detective, and corrective). Explain how these different types of controls are used to enforce security policies within an organization.

The classifications of security controls are physical, administrative, and technical. Physical manage may be any physical device in an effort to help in stopping get admission to to physical resources. Administrative manipulate offers with an actual employee imparting protection to a resource. This will be something together with a manager checking an employee’s work. Technical control or logical manipulate offers with stopping get right of entry to by using antivirus software or a hardware device together with a firewall. From the classifications of security controls comes the styles of protection controls that are preventive, detective, and corrective. Preventive manage is stopping a breach altogether earlier than it occurs. Automated manage will help determine the kind of motion to take while an incident is occurring. There is not any used of human decision with automated manipulate. Last, corrective manage is used to correct the vulnerability. It doesn’t necessarily stop an incident from occurring. (Walkowski, 2019)

Explain the classifications and the type of security controls that are most challenging to implement. Include suggestions for overcoming these challenges.

The most challenging styles of security controls are the ones that are most tough for employees to follow. If there are the ones in an organization that cannot follow the safety controls, the rules will fail. The sort of classification that could be most challenging to put into effect is administrative manage. This sort of manage is counting on a human to do some work by means of providing right education or overlooking an employee’s work, granted they know what to be looking for. Manual control also is based on some human effort. This manage relies on what action needs to be taken when an incident or breach occurs. (Walkowski, 2019)

vamsi – What are data security controls?

Data security controls keep sensitive information safe and act as a countermeasure against unauthorized access. They enable risk management programs by counteracting, detecting, minimizing, or avoiding security risks to computer systems, data, software, and networks.

They include technical controls as well as operational, administrative, and architectural controls.

Additionally, controls can be preventative, detective, corrective, or compensatory.

Physical security controls

Physical controls describe anything tangible that’s used to prevent or detect unauthorized access to physical areas, systems, or assets. This includes things like fences, gates, guards, security badges and access cards, biometric access controls, security lighting, CCTVs, surveillance cameras, motion sensors, fire suppression, as well as environmental controls like HVAC and humidity controls.

Technical security controls

Technical security controls focus on hardware and software. They control access and use across the network. Some best practices include encryption, smartcards, network authentication, access control lists (ACLs), and file integrity auditing software.

Administrative security controls

Administrative security controls are also referred to as procedural control. The controls focus on day-to-day operations and often come from standards or regulation. Best practices include information security policies and procedures, vendor risk management programs, business continuity policies, and disaster recovery policies.

Types of Security Control

Preventative controls

Preventative controls work to prevent data loss. Controls such as two-factor authentication, least privilege necessary, identity management, and cloud access management allow organizations to protect their perimeter by understanding who accessed data and how they used it.

Detective controls

Detective controls focus on identifying weaknesses. Controls such as internal audit, continuous monitoring, and computer usage logs enable organizations to review locations where information could be changed or deleted. Often, they provide evidence of a data loss or potential data loss, rather than protecting against it.

Corrective controls

Corrective controls mitigate damage once a risk exists. They focus on fixing the problem if detective controls indicate that an issue has occurred. Some examples of corrective controls include documenting policies and procedures, enforcement of policies and procedures, and creating a disaster recovery and business continuity program.

A security policy is a management control, but its security requirements are implemented by people (operational controls) and systems (technical controls). Think of phishing attacks. An organization may have an acceptable use policy that specifies the conduct of users, including not visiting malicious websites. Security controls to help thwart phishing, besides the management control of the acceptable use policy itself, include operational controls, such as training users not to fall for phishing scams, and technical controls that monitor emails and web site usage for signs of phishing activity.

A common problem with security controls is that they often make systems less convenient or more difficult to use. When usability is an issue, many users will attempt to circumvent security controls; for example, if passwords must be long and complex, users may write them down. Balancing security, functionality, and usability is often a challenge. The goal should be to strike a proper balance: provide a reasonably secure solution while offering the functionality and usability that users require.

Get 20% discount on your first order with us. Place an order and use coupon: GET20

Posted in Uncategorized