CompTIA CySA+
1. Technical—The control is implemented as a system (hardware, software, or firmware). For
example, firewalls, anti-virus software, and OS access control models are technical controls.
Technical controls may also be described as logical controls.
2. Operational—The control is implemented primarily by people rather than systems. For
example, security guards and training programs are operational controls rather than technical
controls.
3. Managerial—The control gives oversight of the information system. Examples could
include risk identification or a tool allowing the evaluation and selection of other security
controls.
4. Compensating—The control acts as a substitute for a principal control but must give the same
level of security assurance as the control it replaces. For example, a physical barrier blocking a
section of open fence, or a workaround for an embedded OS that cannot be patched or
updated -
What are the four types of Security Control Categories?
- Security Intelligence
- CTI (Cyber Threat Intelligence)
1. Narrative reports—Analysis of certain adversary groups or a malware sample provided as a
written document. These provide valuable information and knowledge, but in a format that
must be assimilated manually by analysts. This is most useful for providing strategic
intelligence to influence security control selection and configuration.
2. Data feeds—Lists of known bad indicators, such as domain names or IP addresses
associated with spam or distributed denial of service (DDoS) attacks, or hashes of exploit
code. This provides tactical or operational intelligence that can be used within an automated
system to inform real-time decisions and analysis as part of incident response or digital
forensics. -
- This is looking inward at the process through which data generated in the ongoing
use of information systems is collected, processed, integrated, evaluated, analyzed, and
interpreted to provide insights into the security status of those systems. For example, it
could reveal that a DDoS attack has taken place, based on logs and traffic data.
- This is looking outward, providing data about the external threat landscape, such as
active hacker groups, malware outbreaks, zero-day exploits, and so on.
- What are two formats in which the second item above (CTI) is typically produced?
1. Requirements (Planning & Direction): sets goals for the intelligence-gathering effort and
shows how intelligence will support business goals. Use cases may also be created here.
Consider special factors and constraints such as regulations.
2. Collection and Processing: usually implemented by software suites such as SIEM. Data is
put into a consistent format so analysis tools can operate on it. Scripting or manual processing
may be required. Data must be kept secure.
3. Analysis: after data has been captured and normalized, anomalies are identified. Use cases,
AI, and machine learning are useful here.
4. Dissemination: publishing information from analysis to consumers who need to act on it.
Has many forms from status alerts to analyst reports. Should be tailored for the audience.
This occurs at strategic, operational, and tactical levels.
5. Feedback: goal is to improve all other phases. Would include lessons learned, measurable -