Arata (2009) defines perimeter control as a security control measure that is meant to either keep intruders out or keep people or data contained within a given set of boundaries. Perimeter controls are employed to keep the employees of an organization safe as well as to control the flow of data and information within the boundaries set. Examples of perimeter controls include the physical security measures that prevent unauthorized physical access to IT systems, such as locked doors and security guards. Internal control, on the other hand, includes all the measures and processes that an organization undertakes to protect its assets and facilities. Internal controls act as restrictors to abuse or fraud and help to identify evidence of either fraud or abuse committed. Examples of internal controls include preventive controls, such as written policies and procedures, as well as detective controls, such as the internal audit of accounts.
Controls included in a Defense In-Depth Strategy
According to Andress (2014), defense in depth is an information security strategy in which multiple layers of protection are placed throughout an IT system. Defense in depth focuses on the security vulnerabilities in technology, personnel, and operations throughout the system's life cycle. The strategy encompasses three main types of control that work together to ensure that all the vulnerabilities of the organization are identified. It incorporates physical controls, which are the security measures that prevent physical access to IT systems. Examples of physical controls include locked doors and security guards. The strategy also incorporates technical controls, which are security measures that protect network systems or resources using specialized hardware and software, such as firewalls and antivirus software. Finally, the strategy includes internal controls, which are security measures undertaken to prevent and detect the occurrence of fraud or abuse, such as policies and procedures.
How Security Controls are Tested and Verified
Abernathy & McMillan (2018) pointed out that organizations must ensure that all their security controls are tested thoroughly. This involves conducting tests such as vulnerability assessments, which help to identify the weak areas in a network and to set priorities in the corporation. Log reviews are also conducted in the organization to identify any security incidents, policy violations, or occurrences of fraud. Security control testing also involves penetration tests, which simulate an attack and determine possible threats that the system may encounter from both internal and external sources that aim to exploit its vulnerabilities. Synthetic transaction tests are also conducted to gain insight into the availability and performance of the system. Synthetic transactions also identify potential problems before users experience degradation. Code review and testing is a security control test that aims to identify bad programming patterns, functional bugs, security misconfigurations, and logic flaws. Security control testing also includes misuse case testing, or negative testing, which tests an application to ensure that it is capable of handling invalid input or unexpected behavior. Finally, test coverage analysis is a review that uses test cases written against the application requirements and specifications to identify areas that are not exercised by the test cases. Completion of all these tests enables the verification of the system controls.
References
Abernathy, R., & McMillan, T. (2018). Security Assessment and Testing. In CISSP Cert Guide (3rd ed.). Hoboken, NJ: Pearson IT Certification.
Andress, J. (2014). The Basics of Information Security: Understanding the Fundamentals of InfoSec in Theory and Practice (2nd ed.). Amsterdam, Netherlands: Elsevier.
Arata, M. J. (2006). Perimeter Security. New York, NY: McGraw Hill Professional.
Cite this page
Perimeter Control: Keeping Intruders Out & Employees Safe. (2023, Feb 06). Retrieved from https://proessays.net/essays/perimeter-control-keeping-intruders-out-employees-safe