Page 184 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide

normal after an unwanted or unauthorized activity has occurred. It attempts to correct any problems that occurred as a result of a security incident. Corrective controls can be simple, such as terminating malicious activity or rebooting a system. They also include antivirus solutions that can remove or quarantine a virus, backup and restore plans to ensure that lost data can be restored, and active IDSs that can modify the environment to stop an attack in progress. The control is deployed to repair or restore resources, functions, and capabilities after a violation of security policies.



Recovery

Recovery controls are an extension of corrective controls but have more advanced or complex abilities. Examples of recovery controls include backups and restores, fault-tolerant drive systems, system imaging, server clustering, antivirus software, and database or virtual machine shadowing. In relation to business continuity and disaster recovery, recovery controls can include hot sites, warm sites, cold sites, alternate processing facilities, service bureaus, reciprocal agreements, cloud providers, rolling mobile operating centers, and multisite solutions.


Directive

A directive control is deployed to direct, confine, or control the actions of subjects to force or encourage compliance with security policies. Examples of directive controls include security policy requirements or criteria, posted notifications, escape route exit signs, monitoring, supervision, and procedures.


Security Control Assessment

A security control assessment (SCA) is the formal evaluation of a security infrastructure's individual mechanisms against a baseline or reliability expectation. The SCA can be performed in addition to or independently of a full security evaluation, such as a penetration test or vulnerability assessment.

The goals of an SCA are to ensure the effectiveness of the security mechanisms, evaluate the quality and thoroughness of the risk