
Sunday, March 10, 2019

Information Technology security control Essay

There are a number of Information Technology security controls. The three most common are physical, technical, and administrative controls; however, many organizations break administrative controls down into two separate categories: procedural and legal controls. Security controls are the means of enforcing security policies that reflect the organization's business requirements (Johnson). Security controls are used to guarantee the information security C-I-A triad. Furthermore, security controls fall into three control classifications: preventive, detective and corrective. These classifications are used to specify when a security control applies.

Physical Controls are exactly what they sound like: physical obstacles used to prevent or deter access to IS resources. Physical controls can be barriers such as locked doors that require some sort of authentication/authorization to enter, like a cipher lock or keycard. Biometric scanners are also excellent controls to identify and allow access to authorized personnel. Video cameras and closed-circuit television are also examples of physical controls. For organizations requiring extreme security measures, perimeter barriers such as walls or electric fences are used; additionally, security guards fall into the physical controls category.

Technical Controls are logical and/or software-based controls designed to restrict access to the network infrastructure, components, and data. Discretionary and mandatory access controls, rule- and role-based access controls, and passwords are all examples of technical controls. Physical controls are used to prevent physical access to the physical components, whereas technical controls are implemented to prevent digital/logical access if physical access is achieved. Some physical hardware can also fall under the technical control category because it contains the software used to prevent or allow access to the network components; firewalls and routers are examples.

Administrative Controls can best be described as the paper-based controls designed to define which personnel can do what, when, where, why and how. As stated above, administrative controls are sometimes broken down into two separate categories: procedural controls and legal controls.

Procedural Controls are an organization's policies and procedures that all employees must follow for each specific circumstance for which they were written. Examples include security awareness and training, incident response plans, and change controls. Some of these procedures include step-by-step instructions that must be adhered to for each topic, whereas others are more general controls that may or may not relate to other policies.

Legal Controls are controls that must be in place for organizations to operate. Compliance regulations, laws and standards fall into this category. Examples include HIPAA, PCI DSS, GLBA, SOX, FERPA and CIPA.

Administrative controls, such as the Acceptable Use Policy, also protect the organization by allowing it to inform employees of the punitive measures that can or will follow non-compliance.
