Controls


In an organization, plans are put in place to protect against a variety of threats, risks, and vulnerabilities. However, the requirements used to protect organizations and people often overlap. Because of this, organizations use security frameworks as a starting point to create their own security policies and processes.

Let's start by quickly reviewing what frameworks are. Security frameworks are guidelines used for building plans to help mitigate risks and threats to data and privacy, such as social engineering attacks and ransomware. Security involves more than just the virtual space. It also includes the physical, which is why many organizations have plans to maintain safety in the work environment. For example, access to a building may require using a key card or badge.

Other security frameworks provide guidance for how to prevent, detect, and respond to security breaches. This is particularly important when trying to protect an organization from social engineering attacks like phishing that target their employees.

Remember, people are the biggest threat to security. So frameworks can be used to create plans that increase employee awareness and educate them about how they can protect the organization, their co-workers, and themselves. Educating employees about existing security challenges is essential for minimizing the possibility of a breach.

Providing employee training about how to recognize red flags, or potential threats, is essential, along with having plans in place to quickly report and address security issues. As an analyst, it will be important to understand and implement the plans your organization has in place to keep the organization, its employees, and the people it serves safe from social engineering attacks, breaches, and other harmful security incidents.

Coming up, we'll review and discuss security controls, which are used alongside frameworks to achieve an organization's security goals.

While frameworks are used to create plans to address security risks, threats, and vulnerabilities, controls are used to reduce specific risks. If proper controls are not in place, an organization could face significant financial impacts and damage to their reputation because of exposure to risks including trespassing, creating fake employee accounts, or providing free benefits.

Let's review the definition of controls. Security controls are safeguards designed to reduce specific security risks. In this video, we'll discuss three common types of controls: encryption, authentication, and authorization.

Encryption is the process of converting data from a readable format to an encoded format. Typically, encryption involves converting data from plaintext to ciphertext. Ciphertext is the raw, encoded message that's unreadable to humans and computers. Ciphertext data cannot be read until it's been decrypted into its original plaintext form. Encryption is used to ensure confidentiality of sensitive data, such as customers' account information or social security numbers.

Another control that can be used to protect sensitive data is authentication. Authentication is the process of verifying who someone or something is. A real-world example of authentication is logging into a website with your username and password. This basic form of authentication proves that you know the username and password and should be allowed to access the website. More advanced methods of authentication, such as multi-factor authentication, or MFA, challenge the user to demonstrate that they are who they claim to be by requiring both a password and an additional form of authentication, like a security code or biometrics, such as a fingerprint, voice, or face scan.

Biometrics are unique physical characteristics that can be used to verify a person's identity. Examples of biometrics are a fingerprint, an eye scan, or a palm scan. One example of a social engineering attack that can exploit biometrics is vishing. Vishing is the exploitation of electronic voice communication to obtain sensitive information or to impersonate a known source. For example, vishing could be used to impersonate a person's voice to steal their identity and then commit a crime.

Another very important security control is authorization. Authorization refers to the concept of granting access to specific resources within a system. Essentially, authorization is used to verify that a person has permission to access a resource. As an example, if you're working as an entry-level security analyst for the federal government, you could have permission to access data through the deep web or other internal data that is only accessible if you're a federal employee.

The security controls we discussed today are only one element of a core security model known as the CIA triad. Coming up, we'll talk more about this model and how security teams use it to protect their organizations.