fbpx

Cybersecurity Awareness Month: What is Security Control?

Must Read

Destiny Young
Destiny Younghttp://linktr.ee/youngdestinya
Destiny Young is a highly credentialed information technology professional with over 13 years of industry experience. An HND/BSc (Hons) Computer Science graduate. He holds a Master of Technology degree in Information Technology from the prestigious University of South Africa (UNISA). He is a Distinction-grade MBA alumnus of Nexford University, Washington, DC, where he also obtained a First-class MSc degree in Digital Transformation. He is currently pursuing MSc in Cybersecurity. His professional development direction is in Cybersecurity, Digital Transformation, and Business Intelligence. He is a member of the British Computer Society (BCS), the Chartered Institute of Administration of Nigeria (CIA), the Nigeria Computer Society (NCS), etc.

In cybersecurity, a control is a measure taken to reduce the risk of a security breach or data loss. Controls can be physical or virtual, policies, training, techniques, methodologies, action plan, devices, and customized solutions to avoid, detect, and prevent intruders and minimize the security risk befalling the individual or organizational proprietary information systems.

There are three types of security controls: preventive controls, detective controls, and corrective controls.

Preventive controls are designed to stop an attack before it occurs. Examples of preventive controls include firewalls, intrusion detection systems (IDS), antivirus software, access control lists (ACLs), and encryption measures. A typical usage scenario for a firewall is to block unauthorized access to a network by filtering incoming traffic based on predefined rules. IDS can be used to monitor network traffic for suspicious activity and alert administrators when an attack is detected. Antivirus software can be used to scan files for malware and prevent it from infecting a system. ACLs can be used to restrict access to sensitive data based on user roles and permissions. Encryption measures can be used to protect data in transit or at rest by converting it into an unreadable format.

Detective controls are designed to identify an attack after it has occurred. Examples of detective controls include security cameras, log analysis tools, and intrusion detection systems (IDS). A typical usage scenario for a security camera is to monitor physical access points to a building and record any suspicious activity. Log analysis tools can be used to analyze system logs for signs of an attack. IDS can be used to monitor network traffic for suspicious activity and alert administrators when an attack is detected.

Corrective controls are designed to mitigate the damage caused by an attack after it has occurred. Examples of corrective controls include backup systems, disaster recovery plans, and incident response teams. A typical usage scenario for a backup system is to create regular backups of critical data so that it can be restored in the event of a data loss incident. Disaster recovery plans can be used to restore critical systems and services in the event of a major outage or disaster. Incident response teams can be used to investigate security incidents and take appropriate action.

Effective implementation of security controls is essential for increasing organizational security posture. By implementing appropriate security controls, organizations can reduce the risk of security breaches and data loss incidents. This can help protect sensitive information from unauthorized access or disclosure and prevent financial losses due to cybercrime.

Destiny YoungMSc (Cand)Nexford University

Technology/IT Infrastructure Engineer

A future Business Leader

Destiny Young
Destiny Young is a highly credentialed information technology professional with over 13 years of industry experience. An HND/BSc (Hons) Computer Science graduate. He holds a Master of Technology degree in Information Technology from the prestigious University of South Africa (UNISA). He is a Distinction-grade MBA alumnus of Nexford University, Washington, DC, where he also obtained a First-class MSc degree in Digital Transformation. He is currently pursuing MSc in Cybersecurity. His professional development direction is in Cybersecurity, Digital Transformation, and Business Intelligence. He is a member of the British Computer Society (BCS), the Chartered Institute of Administration of Nigeria (CIA), the Nigeria Computer Society (NCS), etc.
- Advertisement -spot_img

LEAVE A REPLY

Please enter your comment!
Please enter your name here

- Advertisement -

Latest News

How to Pass CompTIA Security+ SY0-701 Exam with Just 3 Days of Study

Passing the CompTIA Security+ SY0-701 exam with just three days of study might seem daunting, but with the right tools and strategies, it’s achievable. Utilizing ChatGPT to generate a customized study guide.
- Advertisement -

More Articles Like This

- Advertisement -