Let's understand the controls and events in sequence
Explanation in Sequence:
Directive Control: The organization puts a policy in place that prohibits employees from browsing social media during work hours (9 AM to 5 PM). This policy sets the baseline for acceptable behavior.
Deterrent Control: An internal warning is issued to all employees: If anyone is found violating this rule, necessary action will be taken (such as a disciplinary warning or suspension). This deters employees from breaking the rules.
Preventative Control: To ensure employees cannot access social media during work hours, a proxy server is installed at the network level. The proxy blocks all social media websites, effectively preventing employees from opening such sites.
Compensating Control: To mitigate the risk of employees using external devices, like dongles or mobile hotspots, to bypass the network-level restrictions, the company uses Data Loss Prevention (DLP) software on endpoints. The DLP restricts access to non-company-approved internet connections.
Detective Control: The company uses network monitoring tools and regularly checks DLP logs to detect any attempts to bypass the network or use unauthorized devices to access restricted sites.
Corrective Control: If an employee is detected bypassing these controls, their network access is terminated immediately. The incident is escalated to management or HR, and the employee may face further disciplinary actions based on company policy.
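The detective and corrective steps above, as an added example that is not part of the original post: it reviews endpoint log lines for social media access during work hours, separates attempts the proxy blocked from bypasses over unapproved connections, and lists who the corrective control applies to. The log format, network names and the social_media category label are assumptions, and the sample lines are constructed.

```python
from datetime import datetime, time

# Assumed values (not from the post): approved networks and the log layout
# "timestamp user network category action".
APPROVED_NETWORKS = {"CORP-LAN", "CORP-WIFI"}
WORK_START, WORK_END = time(9, 0), time(17, 0)   # directive: 9 AM to 5 PM

SAMPLE_LOG = """\
2024-03-04T10:15:00 alice CORP-LAN social_media blocked
2024-03-04T10:17:30 bob Phone-Hotspot social_media allowed
2024-03-04T12:40:10 carol CORP-WIFI news allowed
2024-03-04T18:05:00 bob Phone-Hotspot social_media allowed
malformed line
2024-03-04T14:02:45 dave USB-Dongle-4G social_media allowed
"""  # constructed sample data

def parse(line):
    """Return an event dict, or None for lines that do not fit the layout."""
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        when = datetime.fromisoformat(parts[0])
    except ValueError:
        return None
    return dict(zip(("user", "network", "category", "action"), parts[1:]), when=when)

def detect(log_text):
    """Detective control: (user, finding) pairs for work-hours social media events."""
    findings = []
    for line in log_text.splitlines():
        ev = parse(line)
        if ev is None or ev["category"] != "social_media":
            continue
        if not (WORK_START <= ev["when"].time() < WORK_END):
            continue  # the policy only covers work hours
        if ev["network"] not in APPROVED_NETWORKS:
            findings.append((ev["user"], "bypass_unapproved_network"))
        elif ev["action"] == "blocked":
            findings.append((ev["user"], "blocked_by_proxy"))
    return findings

def corrective_targets(findings):
    """Corrective control: users whose access is terminated and who are escalated."""
    return sorted({u for u, kind in findings if kind == "bypass_unapproved_network"})

if __name__ == "__main__":
    found = detect(SAMPLE_LOG)
    print(found)
    print("terminate access and escalate to HR:", corrective_targets(found))
```
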