Administrative
These security controls are put in place to define and guide employee actions in a workplace when dealing with sensitive information. E.g. Policy might dictate that HR do background checks on all employees with access to sensitive information.
Technical
These are devices, processes, protocols and other measures used to protect C.I.A of sensitive information. These might include
logical access systems (Lock and key), encryption systems, antivirus systems, firewalls etc
Physical
Security controls are devices and means to control physical access to sensitive information and its availability. Examples could be a physical access systems (fence, guards etc), physical intrusion detection systems (motion sensor, alarms etc) or physical protection systems such as fire alarms, backup generators.
No comments:
Post a Comment