Week 1
K1.1 The role and types of preventative business control techniques in protecting the digital security of an organisation:
The Role of Preventative Controls
Preventative controls are proactive security measures that aim to stop threats or incidents before they happen. They are designed to reduce risks by blocking unauthorised access, preventing breaches, and maintaining system integrity.
In business environments, these controls help protect:
- Data
- Systems
- Physical equipment
- People and infrastructure
Types of Preventative Control Techniques
Preventative controls fall into four main categories: Physical, Combined, Administrative, and Technical.
Physical Preventative Controls
These controls protect physical access to devices, servers, buildings, and data centres.
Type | Description |
---|---|
Specialist Locks | e.g. Anti-picking locks that resist tampering or lock-picking tools. |
Barriers | e.g. Fencing, bollards used to stop unauthorised vehicles or people. |
Gates | Secure entry points, often locked or controlled via access systems. |
Cages | Metal mesh cages for protecting server racks or network hardware. |
Flood Defence Systems | e.g. Raised flooring or barriers to prevent water damage in server rooms. |
Temperature Controls | e.g. Air conditioning or climate controls to prevent overheating of IT equipment. |
Combined (Managed Access) Controls
These combine physical and digital control methods to regulate who can access what and when.
Type | Description |
---|---|
Card Readers | Use swipe or contactless cards to grant access based on credentials. |
Biometric Systems | Fingerprint, facial recognition, or retina scanning for identity verification. |
Video/CCTV Surveillance | Monitors and records access to restricted areas; also acts as a visual deterrent. |
PIN/Passcodes | Secure keypads requiring user-specific codes to access doors or systems. |
Administrative Controls (Policies and Procedures)
These are organisational rules and practices that enforce secure behaviour.
Type | Description |
---|---|
Separation of Duties | Ensures no single employee has complete control of critical tasks – reduces insider threats. |
Role-Based Access Control (RBAC) | Limits access to information based on job role (e.g. only HR can access personnel files). |
These controls are often documented in Acceptable Use Policies (AUPs) and Security Procedures.
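The two administrative controls in the table can be checked in software. The following is an added example, not part of the original course material: it makes a deny-by-default RBAC decision and audits role assignments for separation-of-duties conflicts. All role names, permissions and users are constructed for illustration.

```python
# Added example: roles, permissions and users are constructed for illustration.
ROLE_PERMISSIONS = {
    "hr": {"read_personnel_files"},
    "finance_clerk": {"raise_payment"},
    "finance_manager": {"approve_payment"},
    "it_support": {"reset_password"},
}

# Separation of duties: no single person may hold both permissions in a pair.
CONFLICTING_PERMISSIONS = [("raise_payment", "approve_payment")]

USER_ROLES = {
    "asha": {"hr"},
    "ben": {"finance_clerk"},
    "chloe": {"finance_manager"},
    "dev": {"finance_clerk", "finance_manager"},  # deliberate conflict
}


def permissions_for(user):
    """Union of the permissions granted by every role the user holds."""
    perms = set()
    for role in USER_ROLES.get(user, set()):
        perms |= ROLE_PERMISSIONS.get(role, set())
    return perms


def is_allowed(user, permission):
    """RBAC decision: deny by default, allow only if one of the user's roles grants it."""
    return permission in permissions_for(user)


def separation_of_duties_violations():
    """Return (user, perm_a, perm_b) for each user holding a conflicting pair."""
    violations = []
    for user in sorted(USER_ROLES):
        perms = permissions_for(user)
        for perm_a, perm_b in CONFLICTING_PERMISSIONS:
            if perm_a in perms and perm_b in perms:
                violations.append((user, perm_a, perm_b))
    return violations


if __name__ == "__main__":
    print(is_allowed("asha", "read_personnel_files"))
    print(is_allowed("ben", "read_personnel_files"))
    print(separation_of_duties_violations())
```

Each role is acceptable on its own; the audit flags the combination, which is why separation of duties has to be checked across all of a person's roles rather than per role.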
Technical Controls
These are software or system-based controls used to prevent cyber threats.
Type | Description |
---|---|
Allow/Approved Listing | Only approved applications or websites can be run or accessed. |
Block/Deny Listing | Known malicious programs, websites, or IPs are blocked. |
Access Control Lists (ACLs) | Define which users or systems are allowed to access particular resources. |
Sandboxing | Runs programs in a restricted environment to test them safely without affecting the system. |
Device Hardening | Disabling unused ports and services and installing security patches to minimise vulnerabilities. |
Certificate Authorities (CA) | Verify digital certificates to ensure secure website and data communication. |
Design a Secure Office
Task:
You are working for a new tech company that wants to set up a secure office and server room. Use what you’ve learned to design a security plan that includes:
1. At least 2 physical preventative controls.
2. At least 1 combined control.
3. At least 1 administrative control.
4. At least 2 technical controls.
Instructions:
Present your plan as a poster or infographic.
Include a short description of each control.
Explain how it prevents a security threat.
Optional Tools: Canva, PowerPoint, Google Drawings, draw.io or Visio.
Last Updated
2025-07-11 12:42:19