Sunday, July 23, 2017

Security Controls

1. Physical Control
Controls that limit physical access to assets or that operate in a manner that reduces the impact of a physical event. E.g., locks on doors, fire suppression equipment, fences, and guards.

2. Technical Control
Also referred to as logical controls. They enhance some facets of the CIA triad, usually operating within a system, often in electronic fashion. E.g., encryption mechanisms, access control lists, and audit trails and logs of system activity.

3. Administrative Control
Processes and activities (necessarily not physical or technical) that provide some aspect of security. E.g., personnel background checks, scheduled routine log reviews, mandatory vacations, robust and comprehensive security policies and procedures, and designing business processes so that there are no single points of failure and so that proper separation of duties exists.

Referenced from CCSP (ISC)2 Certified Cloud Security Professional Official Study Guide.
