K1.19 The purpose of technical security controls as risk mitigation techniques and their applications to
business risks within a digital infrastructure context:
• purpose – to improve network security for users and systems
• technical security controls and their applications:
o 5 Cyber Essentials controls:
▪ boundary firewalls and internet gateways – restricting the flow of traffic in systems
▪ secure configuration – ensuring users only have the required functionality (for example removing
unnecessary software, configuration to limit web access)
▪ malware protection – maintaining up-to-date anti-malware software and regular scanning
▪ patch management – maintaining system and software updates to current levels
▪ access control – restricting access to a minimum based on user attributes (for example
principle of least privilege, username and password management)
o device hardening – removing unneeded programs, accounts, functions, applications, ports,
permissions and access
o segmentation – network, systems, data, devices and services are split up to mitigate the potential
impact of risks
o hardware protection – using server and software solutions to protect hardware and data
o multi-factor authentication – allowing 2 devices to authenticate against one system to confirm
who and where the user is trying to access from
o remote monitoring and management (RMM) (for example end user devices)
o vulnerability scanning (for example port scanning, device scanning)