Focused on protecting material assets

Implemented with technology

Executed by computer systems (instead of people)

Also known as administrative controls

Sometimes called logical security controls

Encryption

Security audits

IDSs

Organizational security policy

Firewalls

Also known as administrative controls

Focused on reducing the risk of security incidents

Executed by computer systems (instead of people)

Documented in written policies

Sometimes referred to as logical security controls

Configuration management

Data backups

Organizational security policy

Risk assessments

Security awareness training

Executed by computer systems (instead of people)

Also known as administrative controls

Primarily implemented and executed by people (as opposed to computer systems)

Used to ensure that the equipment continues to work as specified

Focused on the day-to-day procedures of an organization

Risk assessments

Configuration management

System backups

Authentication protocols

Patch management

Managerial security controls

Physical security controls

Technical security controls

Operational security controls