1
00:00:00,180 --> 00:00:04,690
In the last lecture, we saw the definition of information security control.

2
00:00:05,310 --> 00:00:09,870
Now let's have a look at the classification of security controls.

3
00:00:11,160 --> 00:00:18,240
Security controls are classified into three types preventive controls, detective control and corrective

4
00:00:18,240 --> 00:00:26,190
control, preventive control, that is a first class discourages or prevents the appearance of the problems.

5
00:00:27,450 --> 00:00:35,130
And the detective control is the search for detect and identify the problems and corrective controls

6
00:00:35,280 --> 00:00:39,570
are used to solve and prevent the reoccurrence of different issues.

7
00:00:40,620 --> 00:00:45,180
Important note here is these different types of controls are interlinked.

8
00:00:45,360 --> 00:00:52,440
For example, the implementation of an antivirus solution is a preventive control as it provides protection

9
00:00:52,440 --> 00:00:53,460
against malware.

10
00:00:53,670 --> 00:00:54,030
Right.

11
00:00:54,480 --> 00:00:56,790
But at the same time, listen carefully.

12
00:00:57,000 --> 00:01:00,810
At the same time, the antivirus is a detective measure.

13
00:01:01,110 --> 00:01:07,770
When it detects a potential virus simultaneously, it provides a corrective measure when suspicious

14
00:01:07,770 --> 00:01:10,250
file is quarantined or deleted.

15
00:01:10,260 --> 00:01:16,200
So these controls are interrelated, but you have to make sure that you understand the major differences

16
00:01:16,470 --> 00:01:19,320
between these preventive control.

17
00:01:19,650 --> 00:01:26,430
It actually discourages or prevents the occurrence of problems that is detected, problems even before

18
00:01:26,430 --> 00:01:32,700
they occur, control the operations or prevent error or omissions or malicious acts.

19
00:01:33,600 --> 00:01:40,950
Examples can be separate development and testing, environment, restriction of access to systems publishing

20
00:01:40,950 --> 00:01:49,200
and I assume its policy hiring only qualified personnel people and using cryptography or access control

21
00:01:49,200 --> 00:01:55,290
software that only allows authorized personnel to access sensitive files.

22
00:01:57,430 --> 00:02:03,880
The next type of security control is a detective control now detect the goal of distracted control is

23
00:02:03,880 --> 00:02:07,990
to search for and identify the problems and incidents.

24
00:02:09,400 --> 00:02:15,850
So examples can be integration of checkpoints in the applications, eco controlling telecommunications

25
00:02:16,090 --> 00:02:22,990
alarms to detect smoke, heat, fire monitoring system, resources, alarm triggering, as I said,

26
00:02:23,650 --> 00:02:26,200
detect break ins and video cameras.

27
00:02:26,380 --> 00:02:33,280
Then technical review of applications after a modification of the operating system, the detection of

28
00:02:33,280 --> 00:02:37,860
potential intrusion on networks with an idea system or user access.

29
00:02:37,870 --> 00:02:43,690
Right now, the last security control is a corrective control.

30
00:02:44,110 --> 00:02:50,730
Now the goal of corrective control is to overcome the problems that have already been discovered and

31
00:02:50,740 --> 00:02:53,810
to prevent them from happening again.

32
00:02:55,150 --> 00:03:01,960
So the main objective of corrective controls is to minimize the impact of a threat, overcome problems

33
00:03:01,960 --> 00:03:09,550
discovered by the detection controls, identify the cause of the main problem, correct the errors arising

34
00:03:09,550 --> 00:03:16,510
from problem, and modify the processing system to reduce the presence of future minimum problems.

35
00:03:17,350 --> 00:03:23,410
Examples can include a review of the security policy after the integration of a new division to the

36
00:03:23,410 --> 00:03:24,160
organization.

37
00:03:24,760 --> 00:03:32,290
Appeal to the authorities to report a computer crime and change all the passwords of the systems implementation

38
00:03:32,290 --> 00:03:35,680
of patches enabling busy control plan.

39
00:03:36,760 --> 00:03:39,640
So these are examples of different security controls.

40
00:03:40,030 --> 00:03:46,390
But when it comes to your understanding, make sure you understand the examples of preventive controls,

41
00:03:46,870 --> 00:03:49,780
detective controls and corrective controls.

42
00:03:50,080 --> 00:03:55,690
If some you have someone asks you during your interview about differentiation between these controls,

43
00:03:55,690 --> 00:03:59,800
with the help of examples, you should be able to properly answer the question.

44
00:04:01,400 --> 00:04:06,340
That is it, folks, in the next lecture, we will see the relationship between the different information

45
00:04:06,340 --> 00:04:10,370
security aspects like threat, vulnerability and risks.

46
00:04:10,720 --> 00:04:16,210
I hope you're enjoying this schools and I hope your fundamentals of information security are getting

47
00:04:16,210 --> 00:04:22,180
clear if you're really enjoying this, cause I would just like you to please read our course because

48
00:04:22,360 --> 00:04:25,050
your feedback is very valuable to us.

49
00:04:25,420 --> 00:04:29,640
So I hope that you will read our course immediately after this lecture.

50
00:04:29,950 --> 00:04:34,360
I will wait to see your personal feedback and all receiving your review.

51
00:04:34,540 --> 00:04:35,620
I will personally.

52
00:04:35,620 --> 00:04:36,280
Thank you.

53
00:04:36,640 --> 00:04:38,670
So I will see you in the next lecture.