In this chapter we discuss in more detail the technical controls that are implemented to provide protection against security incidents. This includes the detection, prevention and mitigation of such incidents.

There are three main types of control:

  • physical, for example locks on doors and secure cabinets;
  • procedural, for example checking references for job applicants;
  • product and technical controls, for example passwords or encryption.

Of these, the product and technical controls are perhaps the most important in terms of information security, since they are often the last barrier to illegal or unauthorized activity. As mentioned in Chapter 4, we deal here mainly with generic controls because the more detailed ...
