1
00:00:00,210 --> 00:00:06,210
Throughout this section, you might have heard me saying the word security control, so now you might

2
00:00:06,210 --> 00:00:09,110
have a question: what actually is a security control?

3
00:00:09,120 --> 00:00:11,580
Why is he always saying security control?

4
00:00:11,580 --> 00:00:14,370
But I don't know what security control is.

5
00:00:14,880 --> 00:00:15,930
Well, don't worry.

6
00:00:16,230 --> 00:00:20,090
In this lecture, we are going to discuss security controls.

7
00:00:20,100 --> 00:00:22,170
It's just a short video.

8
00:00:22,170 --> 00:00:24,900
It's just a short lecture, I hope.

9
00:00:24,900 --> 00:00:30,260
And I'm very sure that this lecture will clear all your doubts regarding a security control.

10
00:00:31,320 --> 00:00:41,460
Now, a security control is any process, policy, procedure, guideline, practice or organizational structure,

11
00:00:41,460 --> 00:00:47,820
which can be administrative, technical, management or legal in nature.

12
00:00:48,420 --> 00:00:55,110
So controls for information security include any process, any policy, for example, access control

13
00:00:55,110 --> 00:01:00,990
policy, mobile use policy, password policy, duty, H.R. policy, anything.

14
00:01:01,260 --> 00:01:08,460
It can be a procedure to assess the risk, can be guidelines to set up infrastructure, a best practice

15
00:01:08,460 --> 00:01:13,440
like ideal or an organizational structure which can be administrative.

16
00:01:13,920 --> 00:01:22,980
Now, synonyms for controls can include measure, it can be a countermeasure, security device, etc. So

17
00:01:22,980 --> 00:01:29,550
basically a control is a measure that helps in modifying the risk or altering the risk, eliminating the

18
00:01:29,550 --> 00:01:29,880
risk.

19
00:01:30,600 --> 00:01:36,900
It's like basically you control it's the risk that can have an impact on the organization.

20
00:01:37,830 --> 00:01:39,810
And what is a control objective?

21
00:01:40,020 --> 00:01:42,690
A control objective is a statement

22
00:01:42,960 --> 00:01:50,630
saying what is to be achieved as a result of implementing a security control. So let's say

23
00:01:50,630 --> 00:01:53,940
A is a security control and B the security objective.

24
00:01:54,390 --> 00:02:02,580
So B says that B describes what things should be done after implementing A. For example, let's say

25
00:02:03,210 --> 00:02:09,690
to Genndy is, let's say, a security control to manage the password, which is the password should

26
00:02:09,690 --> 00:02:12,150
not be more than eight characters.

27
00:02:12,360 --> 00:02:14,370
That is the security objective.

28
00:02:14,520 --> 00:02:19,470
That is the B and A is password management, password management.

29
00:02:19,470 --> 00:02:21,780
Security control is A.

30
00:02:22,800 --> 00:02:29,070
So now when it comes to security controls, there are four major types of security controls.

31
00:02:29,460 --> 00:02:31,410
The first one is technical control.

32
00:02:31,890 --> 00:02:34,410
The second one is administrative control.

33
00:02:34,740 --> 00:02:37,200
The third one is managerial control.

34
00:02:37,530 --> 00:02:42,630
And the final one is legal control. Now, in technical control,

35
00:02:42,690 --> 00:02:45,180
the controls are... let me use my pen.

36
00:02:45,300 --> 00:02:47,310
The first one is technical control.

37
00:02:48,150 --> 00:02:54,960
Now, in this, the controls are related to the use of technical measures or technologies such as firewalls,

38
00:02:55,200 --> 00:03:03,720
alarm systems, surveillance cameras, intrusion detection systems, etc. Administrative controls can

39
00:03:03,720 --> 00:03:11,310
be controls related to the organizational structure, such as segregation of duties, job rotations,

40
00:03:11,460 --> 00:03:15,270
job descriptions, approval processes, etc.

41
00:03:16,500 --> 00:03:23,040
Management controls can be the controls related to the management of people, including the training

42
00:03:23,040 --> 00:03:25,230
and the coaching of employees,

43
00:03:25,650 --> 00:03:34,770
management review and audits. And legal controls are the controls related to the applications of legislation,

44
00:03:35,010 --> 00:03:38,190
regulatory requirements or compliance requirements.

45
00:03:38,850 --> 00:03:44,220
Now, make sure that an administrative control is more related to the structure of the organization

46
00:03:44,220 --> 00:03:52,890
as a whole without being applied to a specific person, while manager controls can be applied to a specific

47
00:03:53,040 --> 00:03:53,580
person.

48
00:03:54,810 --> 00:04:00,630
Now, the differences between these types of controls are just for your understanding and you should

49
00:04:00,630 --> 00:04:01,140
know it.

50
00:04:02,460 --> 00:04:10,440
So, as I said earlier about the security objectives and security controls, in this particular description,

51
00:04:10,440 --> 00:04:17,250
in this particular video, we are going to see an example of security objectives and different security

52
00:04:17,250 --> 00:04:17,880
controls.

53
00:04:19,530 --> 00:04:27,330
So now this is the security control that you should be placing in an organization. That is, let's take

54
00:04:27,330 --> 00:04:35,520
an example: to ensure the correct and secure operations of information processing facilities. So security

55
00:04:35,520 --> 00:04:49,490
control can be documented operational procedures, change management, Barredo through DOD, could

56
00:04:49,500 --> 00:04:56,280
a growing capacity management and separation of development and testing and operational environments.

57
00:04:56,850 --> 00:05:02,850
So if capacity management can be managed, that is the control to ensure the correct and secure operations

58
00:05:02,850 --> 00:05:05,370
of information processing facilities.

59
00:05:06,600 --> 00:05:12,840
So I hope you have an idea of security objective and security control. So this right around here,

60
00:05:12,960 --> 00:05:18,510
as you can see, this is the security objective, that is, to ensure... what is our objective?

61
00:05:18,810 --> 00:05:25,710
Our objective is to ensure and secure operations of information processing facilities. In order to achieve

62
00:05:25,710 --> 00:05:26,640
these objectives,

63
00:05:26,650 --> 00:05:33,450
these security controls are implemented so that this objective can be achieved.

64
00:05:35,140 --> 00:05:37,560
Now, that is it for this lecture.

65
00:05:37,770 --> 00:05:44,370
In this lecture we have seen about the security controls, why do we need security controls and the relationship

66
00:05:44,370 --> 00:05:49,180
between security objectives and security controls. In the next lecture,

67
00:05:49,420 --> 00:05:53,910
we'll talk about the classes of security controls, which are very important.

68
00:05:54,240 --> 00:05:56,240
I'll see you in the next lecture.