Cyber Security Control
Project Name: Cyber Security Control
Description: Cyber Security Control India blog will help each IT employee to understand information environment in better way. The components of Cyber Security Controls
Author: Rohit D Sadgune
Summary of Content
- Components Of Cyber Security Controls
- Basic Requirement of Cyber Security Controls
- Types of Cyber Security Controls
- What are the different Information Security aspects to be considered for Cyber Security
What is a Cyber Security?
Cybersecurity is the division of information technology whose primary objective is to implement processes and practices configure to protect networks, computers, enterprise application and data from attack, damage or unauthorized.
Principle objective of cyber security is to maintain Confidentiality, Integrity, and Availability over the entire enterprise
Types of Cyber Security Controls
There are 6 main types of cyber security controls must implemented by enterprise Preventive, Detective, Corrective, Deterrent, Recovery, Recompense.
Preventive controls are the primary measures met by the adversary. The primary objective of preventive controls is to try to block security infection and enforce access control.
Detective controls are implemented to intercept security breach and alert the defenders. The detective controls will play role when preventive controls have failed or have been bypassed by adversary. Detective measured include SIV( Signature integrity verifier), cryptographic checksums, audit trails and logs, and similar tools.
Corrective controls comes into the frame when adversary has already breached the enterprise environment .Although a infections spread, not all is lost, so security analyst and system admins try at most to recover. Corrective controls are highely depends on the area of the enterprise where advesavary has targeted most.
Deterrent controls are implemented to tell adversaries or potential attackers that we have we have detected you and please stop doing same silly thing again and again.
Recovery controls are similar to corrective controls, Recovery Controls will get applied in higher level of incidents to recover from security infections and restore information. In most of scenarios recovery controls includes disaster recovery and business continuity tactics.
Recompense controls are deliberate to be alternative arrangements for other measures when the primary controls have failed or cannot be used. When any of the new control has addresses the same adversaries that are addressed by another set of primary controls, then newly implemented controls are Recompense controls.
Why Cyber Security Controls are important?
- On daily basis new attack are getting invented, the volume of these attack are very high. These attack includes threats, targeted attacks, advance persistence threats, phishing scams, data leakages
- On daily the average unprotected systems are increasing..
- Millions of infected web pages are being discovered every day.
- Hundreds of millions of events are involved in data breaches.
- New attack methods are launched continuously.
Cyber Security Control
- Assets collections & management
- Logical asses collection & management (software / application inventory)
- Standard security configuration for all physical and logical assets
- Vulnerability management for respective assets of enterprise
- Malware Investigation
- Vulnerability assessment & Penetration testing for all application
- Continuous knowledge transfers & training sessions for employees
- Identity & access management
- Perimeter security
- Security information and event management
- Digital Forensics & Incident Response
- Monitoring threat intelligence.