P8.4.
a. Preventive controls such as authentication so anyone trying accessing the system has to provide credentials and verify their identity, encryption so sensitive information cannot be accessed, and have a strong internal environment that educates employees on security measures.
Detective controls such as log analysis could be used to show determine if someone is trying to log on to a system and is unsuccessful.
Corrective controls such as having an effective CIRT that can access the laptop and block or delete important information so the theft cannot access the laptop.
b. Preventive controls such as a password can be used, but to ensure it stays effective it should be long, include multiple characters, be changed frequently, and not easily be guessed. Other types of
…show more content…
h. Preventive controls such as proper training and educating employees so they understand to never use a USB if they don’t know where it came from or what is on it. Antimalware or spyware software can be used for security protection.
i. Preventive controls such as proper training and implementation of CIRT so that employees know where to go when an attack occurs.
Corrective controls such as practicing the incident response plan and alert process can help when attacks occur and help identify gaps in the plan so they can be fixed for when a real attack happens.
j. Preventive controls such as testing the systems and securing access by requiring proper verification of the users attempting to obtain dial-in access. Remote authentication dial-in user service is one way of verifying users for this.
k. Preventive controls such as securing wireless access by encrypting wireless traffic and authenticating all devices that try to access the network before allowing them use to the IP address.
Detective controls such as an IDS could be used to analyze for signs of attempted or successful