Types of Controls
There are two types of controls: active and proactive responses. The purpose of a proactive security control is to spot threats before they materialize.
Once data security breaches or incidents happen, you need to know how to respond to a range of incidents, from innocent breaches to targeted hacking disasters. Because the availability of data is one of the factors to consider, if a breach means customers can't access data, it doesn't matter whether the root cause is a DoS (denial of service) attack or a fire.
The responses of many disaster recovery and data breach controls overlap; e.g., applying software patches that close security holes, backing up data, and using high-availability systems.
Proactive data security controls include monitoring networks and systems and running intrusion-detection systems, as well as encrypting data at rest, in motion, or in processing.
Technical controls are the software and hardware tools that put data security in place.
Operational controls are defined to keep systems and applications secure. The principle of least privilege is one of the common policies organizations should have. An ACL (access control list) is one of the ways to put such policies in place. These policies ensure that you stay in compliance with regulations like GDPR (General Data Protection Regulation).
Architectural data security controls deal with how you connect to and between different systems; e.g., systems like VPNs (virtual private networks) and cloud applications use networks. If these systems aren't secure, data is vulnerable. These controls aim to address points of vulnerability and set up policies and procedures to close those gaps, such as penetration testing, vulnerability assessments, and design reviews.
The purpose of monitoring authentication and access behavior is as follows:
• Finding out who is connecting, for what, where, and when, and who is accessing information assets, which is a basic requirement for compliance auditing.
• Alerting security administrators to unpredictable, unusual, suspicious, and unforeseen situations, and compensating for oversights in data security planning, design, and implementation.
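Both purposes can be served from the same access events. The following Python example is added here for illustration and is not part of the original text: it builds a per-user audit trail (who, when, where, what) and raises alerts for unusual behavior. The log format, the sample events, the business-hours window, the failure threshold, and the function names are all assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample access events: time, user, source, asset, outcome.
EVENTS = """\
2024-03-04T09:12:01 alice 10.0.4.17 payroll_db success
2024-03-04T09:40:33 bob 10.0.4.22 crm success
2024-03-04T10:05:10 alice 10.0.4.17 payroll_db success
2024-03-05T02:31:44 alice 198.51.100.9 payroll_db success
2024-03-05T11:00:02 carol 10.0.4.30 crm failure
2024-03-05T11:00:09 carol 10.0.4.30 crm failure
2024-03-05T11:00:15 carol 10.0.4.30 crm failure
2024-03-05T11:02:40 bob 10.0.4.22 payroll_db success
"""

BUSINESS_HOURS = range(8, 19)   # assumed policy: 08:00-18:59 local time
MAX_FAILURES = 3                # assumed threshold per user and asset

def parse(text):
    for line in text.splitlines():
        ts, user, src, asset, outcome = line.split()
        yield datetime.fromisoformat(ts), user, src, asset, outcome

def review(text):
    """Return (audit_trail, alerts) for whitespace-separated access events."""
    audit = defaultdict(list)          # user -> [(when, where, what, outcome)]
    seen_src, seen_asset = defaultdict(set), defaultdict(set)
    failures, alerts = defaultdict(int), []
    for ts, user, src, asset, outcome in parse(text):
        audit[user].append((ts.isoformat(), src, asset, outcome))
        if outcome == "failure":
            failures[user, asset] += 1
            if failures[user, asset] == MAX_FAILURES:
                alerts.append((user, "repeated_failures", asset))
            continue
        failures[user, asset] = 0
        if ts.hour not in BUSINESS_HOURS:
            alerts.append((user, "off_hours", ts.isoformat()))
        # The first success per user seeds the baseline; later deviations alert.
        if seen_src[user] and src not in seen_src[user]:
            alerts.append((user, "new_source", src))
        if seen_asset[user] and asset not in seen_asset[user]:
            alerts.append((user, "new_asset", asset))
        seen_src[user].add(src)
        seen_asset[user].add(asset)
    return dict(audit), alerts

if __name__ == "__main__":
    print(*review(EVENTS)[1], sep="\n")
```

The audit trail answers the compliance question for every event, while the alerts cover only deviations from each user's own observed baseline, so a user's first recorded access is never flagged as new.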