Domain 1
1.1 Security Controls
Compare and contrast various types of security controls.
0% Complete

A security control is any safeguard — policy, procedure, technology, or physical mechanism — that reduces risk and protects the CIA Triad (Confidentiality, Integrity, Availability).
Security+ splits controls two ways: - Categories → *where / how* the control is implemented - Types → *what* the control is meant to accomplish
The four categories
- Technical (logical) → enforced by hardware or software
- Examples: firewalls, antivirus, encryption, ACLs, MFA, IDS, IPS
- Managerial → governance and strategy from management
- Examples: policies, risk assessments, compliance programs, audits
- Operational → executed by people through day-to-day procedures
- Examples: security awareness training, incident response, account reviews, backups, onboarding/offboarding
- Physical → tangible protections for facilities and equipment
- Examples: locks, fences, guards, CCTV, lighting, bollards, badges, biometric readers, mantraps
Quick recall
- Technical = technology
- Managerial = planning & governance
- Operational = people & procedures
- Physical = tangible protections