Controls

InWhile ~~an organization, plans~~frameworks are ~~put in place to protect against a variety of threats, risks, and vulnerabilities. However, the requirements~~ used to ~~protect organizations and people often overlap. Because of this, organizations use security frameworks as a starting point to~~ create ~~their own security policies and processes.~~
~~Play video starting at ::24 and follow transcript0:24~~
~~Let's start by quickly reviewing what frameworks are. Security frameworks are guidelines used for building~~ plans to ~~help~~address ~~mitigate~~security risks, threats, and vulnerabilities, controls are used to reduce specific risks. If proper controls are not in place, an organization could face significant financial impacts and damage to their reputation because of exposure to risks ~~and~~including ~~threats~~trespassing, creating fake employee accounts, or providing free benefits.

Let's review the definition of controls. Security controls are safeguards designed to ~~data~~reduce specific security risks. In this video, we'll discuss three common types of controls: encryption, authentication, and ~~privacy,~~authorization.

Encryption is the process of converting data from a readable format to an encoded format. Typically, encryption involves converting data from plaintext to ciphertext. Ciphertext is the raw, encoded message that's unreadable to humans and computers. Ciphertext data cannot be read until it's been decrypted into its original plaintext form. Encryption is used to ensure confidentiality of sensitive data, such as ~~social~~customers' ~~engineering~~account attacks and ransomware. Security involves more than just the virtual space. It also includes the physical, which is why many organizations have plans to maintain safety in the work environment. For example, access to a building may require using a key cardinformation or ~~badge.~~
~~Play video starting at ::54 and follow transcript0:54~~
~~Other~~social security ~~frameworks~~numbers.

Another ~~provide guidance for how to prevent, detect, and respond to security breaches. This is particularly important when trying to protect an organization from social engineering attacks like phishing~~control that ~~target their employees.~~
~~Play video starting at :1:9 and follow transcript1:09~~
~~Remember, people are the biggest threat to security. So frameworks~~ can be used to ~~create~~protect ~~plans~~sensitive data is authentication. Authentication is the process of verifying who someone or something is. A real-world example of authentication is logging into a website with your username and password. This basic form of authentication proves that ~~increase~~you ~~employee~~know ~~awareness~~the username and ~~educate~~password ~~them~~and ~~about~~should ~~how~~be allowed to access the website. More advanced methods of authentication, such as multi-factor authentication, or MFA, challenge the user to demonstrate that they ~~can~~are ~~protect~~who ~~the~~they ~~organization,~~claim ~~their~~to ~~co-workers,~~be by requiring both a password and ~~themselves.~~an ~~Educating~~additional ~~employees~~form ~~about~~of ~~existing~~authentication, like a security ~~challenges~~code isor ~~essential~~biometrics, ~~for~~such ~~minimizing~~as ~~the~~a ~~possibility~~fingerprint, voice, or face scan.

Biometrics are unique physical characteristics that can be used to verify a person's identity. Examples of biometrics are a fingerprint, an eye scan, or a palm scan. One example of a ~~breach.~~
~~Play~~social ~~video~~engineering ~~starting~~attack atthat ~~:1:32~~can exploit biometrics is vishing. Vishing is the exploitation of electronic voice communication to obtain sensitive information or to impersonate a known source. For example, vishing could be used to impersonate a person's voice to steal their identity and ~~follow~~then ~~transcript1:32~~commit a crime.
~~Providing~~
Another ~~employee~~very ~~training~~important ~~about~~security ~~how~~control is authorization. Authorization refers to ~~recognize~~the ~~red~~concept ~~flags,~~of orgranting ~~potential~~access ~~threats,~~to specific resources within a system. Essentially, authorization is ~~essential, along with having plans in place~~used to ~~quickly~~verify ~~report~~that ~~and~~a ~~address~~person ~~security~~has ~~issues.~~permission to access a resource. As an ~~analyst,~~example, itif ~~will~~you're beworking ~~important~~as an entry-level security analyst for the federal government, you could have permission to ~~understand~~access ~~and~~data ~~implement~~through the ~~plans~~deep ~~your~~web ~~organization~~or ~~has~~other ininternal ~~place~~data tothat ~~keep~~is only accessible if you're a federal employee.

The security controls we discussed today are only one element of a core security model known as the ~~organization,~~CIA ~~its~~triad. ~~employees, and the people it serves safe from social engineering attacks, breaches, and other harmful security incidents.~~
~~Play video starting at :2: and follow transcript2:00~~
Coming up, we'll ~~review~~talk more about this model and ~~discuss~~how security ~~controls,~~teams ~~which~~use ~~are used alongside frameworks~~it to ~~achieve~~protect antheir ~~organization's security goals.~~organizations.
~~(Required)~~
en