Trust Service Framework
Types of information securities (IS)
Preventative security controls
-user access controls
-physical/network access controls
-detective security controls
Multifactor authentication
The use of two or more types of authentication credentials in conjunction to achieve a greater level of security.
Biometric identifier
A physical or behavioral characteristic used as an authentication credential.
Border router
A device that connects an organization’s information system to the Internet.
Firewall
A network security system or software that monitors and controls incoming and outgoing network traffic based on predetermined security rules.
Demilitarized zone (DMZ)
A separate network located outside the organization’s internal information system that permits controlled access from the Internet.
Routers
Special purpose devices designed to read the source and destination address fields in IP packet headers to decide where to send (route) the packet next.
Network Intrusion Detection Systems (IDSs)
A set of sensors and a central monitoring unit that analyze logs for signs of attempted or successful intrusions.
Preventive Controls
These are designed to deter problems before they occur.
Examples of Preventive controls
-Hiring qualified personnel
-Segregating employee duties
-Controlling physical access to assets and information
Detective controls
These help identify problems that have already occurred. Examples include:
Detective controls examples
-Duplicate checking of calculations
-Preparing bank reconciliations
-Employee monitoring and log analysis
Corrective controls
These are used to fix problems and recover from errors. Examples include:
Corrective controls examples
-Maintaining backup copies of files
-Correcting data entry errors
-Resubmitting transactions for processing