Technical Controls

Technical Controls

This paper will elaborate on the following questions: How could Administrative, Technical, and Physical Controls introduce a false sense of security? What are the consequences of not having verification practices? What can a firm do to bolster confidence in their Defense-in-Depth strategy? How do these activities relate to "Best Practices"? How can these activities be used to demonstrate regulatory compliance? According to Security Control Types and Operational Security by James E. Purcell technical security controls (also called logical controls) are devices, processes, protocols, and other measures used to protect the C.I.A. of sensitive information.

How could administrative, technical, and physical controls introduce a false sense of security?

To define administrative, technical, and physical controls so that there is a better understanding of how these controls could introduce a false sense of security. According http://en.wikipedia.org/wiki/Information_security Administrative controls (also called procedural controls) consist of approved written policies, procedures, standards and guidelines. Physical controls monitor and control the environment of the work place and computing facilities. They also monitor and control access to and from such facilities. For example: doors, locks, heating and air conditioning, smoke and fire alarms, fire suppression systems, cameras, barricades, fencing, security guards, cable locks, etc. Logical controls (also called technical controls) use software and data to monitor and control access to information and computing systems. For example: passwords, network and host based firewalls, network intrusion detection systems, access control lists, and data encryption are logical controls.

Administrative, Technical, and Physical controls introduce a false sense of security by the indication that the environment is totally secure. However any system is prone to fail regardless of what controls...