Mitigation and Deterrent Techniques

Among the risk strategies that can be pursued, and that were discussed in Chapter 1, are mitigation and deterrence. This section looks at various techniques for implementing those strategies, including manual bypassing of electronic controls, monitoring system logs, security posture, reporting, and detection/prevention controls.

Manual Bypassing of Electronic Controls

It is always possible for something to crash, be it an application, a system, a safeguard, or almost anything else. When it does fail—either through a crash or someone bypassing the expected control path—there are two states that it can fail in: failsafe (secure) or failopen (not secure).

When using failsafe, the application stops all work, reports ...
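The difference between the two failure states shows up only when the control itself breaks. The following is an added illustration, not code from the book: `gate`, `check_policy`, `FailMode` and the sample policy are hypothetical names and constructed data, and the "crash" is simulated with a `backend_up` flag.

```python
import logging
from enum import Enum

log = logging.getLogger("gate")

class FailMode(Enum):
    FAILSAFE = "failsafe"   # control error => deny (secure)
    FAILOPEN = "failopen"   # control error => allow (not secure)

class ControlUnavailable(Exception):
    """Raised when the hypothetical policy backend cannot answer."""

# Constructed sample policy: user -> resources that user may reach.
POLICY = {"alice": {"payroll"}, "bob": {"wiki"}}

def check_policy(user, resource, backend_up=True):
    """The electronic control: returns True/False, or raises if it has crashed."""
    if not backend_up:
        raise ControlUnavailable("policy backend not responding")
    return resource in POLICY.get(user, set())

def gate(user, resource, mode, backend_up=True):
    """Return (allowed, reason). Only the failure path differs between modes."""
    try:
        allowed = check_policy(user, resource, backend_up)
        return allowed, "policy decision"
    except Exception as exc:  # any crash of the control, not only expected errors
        log.warning("control failed for %s -> %s: %s", user, resource, exc)
        if mode is FailMode.FAILSAFE:
            return False, "control failed: denied (failsafe)"
        return True, "control failed: allowed (failopen)"

def demo():
    """Send the same unauthorized request to a healthy and a crashed control."""
    results = {}
    for mode in FailMode:
        for up in (True, False):
            results[(mode.value, up)] = gate("bob", "payroll", mode, backend_up=up)
    return results

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

With a healthy control both modes deny the request; once the control fails, only the failopen gate lets it through, which is why the failure path needs its own test and its own log entry.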
