[Mile2Test]

Discuss the types of controls a company could implement to help secure a company’s net.

[Seth Brumfield]

Our text book talks about different controls a company can take to secure it’s network and data. The include physical, access, administrative, and network. Physical controls include putting the servers in a locked room, fence around a building, or security. Access control is making sure people with access have the need to know. It is important to start with the assumption of least privileged user, giving everyone the minimum until they need more access. Administrative controls include things like training, and making sure people understand the processes. Also enforcing the process is important. The narrator talked about going to another country to provide security consulting, just to hear that the company didn’t even enforce it’s policy! People were constantly looking at inappropriate things on company equipment! Network controls include creating a network that is secure. Servers could be used for different things, so someone is who access an application interface doesn’t have access to a database that contains PII.

[Eugene Estes]

Hello, Seth. From a technical standpoint, the lecture tied physical security to overall network resilience better than I expected. Environmental controls, fire‑suppression types, and equipment placement all directly affect system availability and integrity. Even something as simple as avoiding basements reduces risk to core infrastructure. My hands‑on experience has mostly been with hardware protection, cable management, and safeguarding critical devices from environmental hazards, but the principles align closely with what they’re teaching in network security.

[Lenay Nichols]

I agree! Having controls in place is only effective if employees actually follow them. Even the best security policies cannot protect an organization if they are ignored. I also agree with your point about the principle of least privilege. At my workplace, employees are given access based on their job responsibilities, which helps protect sensitive information and reduces risk. I like to believe many security incidents could be prevented if organizations focused on proper access controls and regular employee training. In my opinion, administrative controls are often overlooked, but they are just as important as physical and technical controls because people are usually the first line of defense against security threats.

[Lenay Nichols]

Companies can implement administrative, technical, and physical controls to help secure their networks. Administrative controls include policies, procedures, and security awareness training that teach employees how to protect company information. Technical controls include firewalls, antivirus software, encryption, and multi factor authentication, which help prevent unauthorized access to systems and data. Physical controls protect the equipment and facilities where information is stored. Examples include locked server rooms, security cameras, key card access, and security guards. In my current role, we as employees are given access to systems based on our job responsibilities, which helps protect sensitive information and follows the principle of least privilege. Securing a network is similar to protecting a house. Administrative controls are the rules, technical controls are the locks and alarm systems, and physical controls are the doors and fences. These controls help keep company data secure.

[Eugene Estes]

Protecting an organization’s data, systems, and resources from illegal access, cyberattacks, and data breaches requires network security. In order to accomplish this, businesses put in place a variety of security measures that combine to lower risks and improve network security.
Administrative controls are one significant kind of control. These rules, regulations, and standards control how staff members utilize business resources. Password regulations, permissible use guidelines, security awareness training, and incident response protocols are a few examples. Administrative controls aid in ensuring that workers are aware of their duties and adhere to safe procedures when using firm data and technology.
Physical controls are another category. These controls protect the organization’s hardware and networking equipment from physical threats such as theft, vandalism, or unauthorized access. Locked server rooms, security personnel, surveillance cameras, access cards, and biometric authentication systems are a few examples. Attackers can’t directly access vital network infrastructure thanks to physical controls.
Among the most crucial network security measures are technical controls, sometimes referred to as logical controls. Firewalls are commonly used to monitor and filter incoming and outgoing network traffic based on predefined security rules. Antivirus and anti-malware software protect systems from malicious programs that can steal information or disrupt operations. Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) monitor network activity and identify suspicious behavior before significant damage occurs.
To guarantee that users can only access resources required for their job tasks, businesses also put access controls in place. This covers techniques for user authentication such as role-based access control (RBAC), multi-factor authentication (MFA), and strong passwords. Restricting access lowers the possibility of unauthorized data exposure and insider threats.
Data encryption is another crucial measure. Data is transformed into a coded format by encryption, which only authorized parties with the right decryption key may decipher. Businesses employ encryption to safeguard private data while it’s being stored and sent over networks.

[Seth Brumfield]

Eugene, what did you think of the lecture when they were talking about physical security? Location hadn’t really crossed my mind, but avoiding the basement makes sense to me because water flows down! They also talked about different fire alarms, sprinkler systems, and fire extinguishers. That never crossed my mind as physical security! This is my first time getting into network controls, do you have any personal experience?

[Author]

Posts