The term security control refers to a broad range of controls that perform such tasks as ensuring that only authorized users can log on and preventing unauthorized users from gaining access to resources. Controls mitigate a wide variety of information security risks.
Whenever possible, you want to prevent any type of security problem or incident. Of course, this isn’t always possible, and unwanted events occur. When they do, you want to detect the events as soon as possible. And once you detect an event, you want to correct it.
As you read the control descriptions, notice that some are listed as examples of more than one access control type. For example, a fence (or perimeter-defining device) placed around a building can be a preventive control (physically barring someone from gaining access to a building compound) and/or a deterrent control (discouraging someone from trying to gain access).
Preventive
A preventive control (aka preventative control) is deployed to thwart or stop unwanted or unauthorized activity from occurring. Examples of preventive controls include fences, locks, authentication, access control vestibules, alarm systems, separation of duties, job rotation, data loss prevention (DLP), penetration testing, access control methods, encryption, auditing, security policies, security-awareness training, antimalware software, firewalls, and intrusion prevention systems (IPSs).
TIPS Keep in mind that there are no perfect security mechanisms or controls. They all have issues that can allow a threat agent to still cause harm. Controls may have vulnerabilities, can be turned off, may be avoided, can be overloaded, may be bypassed, can be tricked by impersonation, may have backdoors, can be misconfigured, or have other issues. Thus, this known imperfection of individual security controls is addressed by using a defense-in-depth strategy.
Deterrent
A deterrent control is deployed to discourage security policy violations. Deterrent and preventive controls are similar, but deterrent controls often depend on individuals being convinced not to take an unwanted action. Some examples include policies, security awareness training, locks, fences, security badges, guards, access control vestibules, and security cameras.
Detective
A detective control is deployed to discover or detect unwanted or unauthorized activity. Detective controls operate after the fact and can discover the activity only after it has occurred. Examples of detective controls include security guards, motion detectors, recording and reviewing of events captured by security cameras or CCTV, job rotation, mandatory vacations, audit trails, honeypots or honeynets, intrusion detection systems (IDSs), violation reports, supervision and review of users, and incident investigations.
Compensating
A compensation control is deployed to provide various options to other existing controls to aid in enforcement and support of security policies. They can be any controls used in addition to, or in place of, another control. They can be a means to improve the effectiveness of a primary control or as the alternate or failover option in the event of a primary control failure. For example, if a preventive control fails to stop the deletion of a file, a backup can be a compensation control, allowing for restoration of that file. Here’s another example: if a building’s fire prevention and suppression systems fail and the building is damaged by fire so that it is not inhabitable, a compensation control would be having a disaster recovery plan (DRP) with an alternate processing site available to support work operations.
Corrective
A corrective control modifies the environment to return systems to normal after an unwanted or unauthorized activity has occurred. It attempts to correct any problems resulting from a security incident. Corrective controls can be simple, such as terminating malicious activity or rebooting a system. They also include antimalware solutions that can remove or quarantine a virus, backup and restore plans to ensure that lost data can be restored, and intrusion prevention systems (IPSs) that can modify the environment to stop an attack in progress. The control is deployed to repair or restore resources, functions, and capabilities after a violation of security policies. Examples include installing a spring on a door so that it will close and relock, and using file integrity checking tools, such as sigverif from Windows, which will replace corrupted boot files upon each boot event to protect the stability and security of the booted OS.
Recovery
Recovery controls are an extension of corrective controls but have more advanced or complex abilities. A recovery control attempts to repair or restore resources, functions, and capabilities after a security policy violation. Recovery controls typically address more significant damaging events compared to corrective controls, especially when security violations may have occurred. Examples of recovery controls include backups and restores, fault-tolerant drive systems, system imaging, server clustering, antimalware software, and database or virtual machine shadowing. In relation to business continuity and disaster recovery, recovery controls can include hot, warm, and cold sites; alternate processing facilities; service bureaus; reciprocal agreements; cloud providers; rolling mobile operating centers; and multisite solutions.
Directive
A directive control is deployed to direct, confine, or control the actions of subjects to force or encourage compliance with security policies. Examples of directive controls include security policy requirements or criteria, posted notifications, guidance from a security guard, escape route exit signs, monitoring, supervision, and procedures.