In cyber security there are several types of security controls

Subject: Computer Science

In cyber security there are several types of security controls, and they can be used and tested in different ways. A large portion of companies or businesses have more than one control in place in order to deliver a more intensive layer of security. Once these security controls are put into production, they give the organization that layer of security/defense, but the controls also have to be tested to make sure they work as intended.

As stated previously, there are several types of security controls, which can be split into two categories: perimeter controls and internal controls. The first I will talk about is perimeter controls. Perimeter controls are those that protect and defend the environment from anything that comes from the outside in order to get access to the inside network. Some of the more commonly used perimeter controls are a firewall or an intrusion detection system (Mitchell, 2006). These controls “keep external threats from internal networks” (Mitchell, 2006). Next are internal controls: “Internal controls are the policies and procedures that a business puts into place in order to protect its assets, maximize the efficiency of its operation and promote an atmosphere of compliance among its employees” (Furlong, 2017). Some examples of internal controls could be cyber compliance training and daily scans, whether of computers or the network. These controls are usually set by an organization and are ultimately used to prevent more damage if an attack manages to pass through the perimeter controls such as the firewall. If one wants to have a secured environment, the whole organization has to use multiple layers of security in order to be successful.

Multiple layers of security, or as some say layered security or defense in depth, is usually the coordination of several security countermeasures in order to protect the integrity of the information in an enterprise (Rouse). There are numerous ways that one can implement layered security, but I think the best preventative measure will be to use both perimeter and internal controls. A firewall or an Intrusion Detection System (IDS) can be used as a perimeter control. With today’s technology, most firewalls are capable of performing all three functions: firewall, Intrusion Detection System (IDS), and Intrusion Prevention System (IPS). Once the perimeter controls are in place, you will have to decide which internal controls will give you the best measures for defense. Some of the more common internal controls are antivirus, behavioral analysis, and analyzing data integrity (“What is Defense in Depth?”, 2018).

After implementing the controls outlined for the information system (IS), you will have to test them. The main reason for testing is to make sure you are keeping the integrity of the IS and everything within it. Usually, to test the controls, one would work from the outside in, meaning the first line of defense to test would be the firewall's preventative measures that are in place. To test this, you can use the UPnP Exposure Test, the Windows Messenger Spam Test, and the Browser Headers Check (Navarro, 2018). All of these tests will check whether multiple vulnerabilities are open. Another solution would be to outsource a pen-tester, or to use one within the organization if one is available, to test and make sure that the controls are working properly as they should.
