Administrative controls:
Physical controls:
Technical controls:
The first piece of building a security foundation within an organization is a security policy. It is management's responsibility to construct a security policy and delegate the development of the supporting procedures, standards, and guidelines; indicate which personnel controls should be used; and specify how testing should be carried out to ensure all pieces fulfill the company's security goals. These items are administrative controls and work at the top layer of a hierarchical access control model.
Personnel controls indicate how employees are expected to interact with security mechanisms and address noncompliance issues pertaining to these expectations.
Management must construct a supervisory structure in which each employee has a superior to report to, and that superior is responsible for that employee’s actions.
A company’s security depends upon technology and people, and people are usually the weakest link and cause the most security breaches and compromises.
All security controls, mechanisms, and procedures must be tested on a periodic basis to ensure they properly support the security policy, goals, and objectives set for them.
For the remaining content, see my public account debugeeker; the link is CISSP Exam Guide Notes: 5.8 Controlling Physical/Logical Access.