Week 19
K1.19 The purpose of technical security controls as risk mitigation techniques and their applications to business risks within a digital infrastructure context:
Technical security controls are automated or configured defences put in place to prevent, detect, or respond to cyber threats. They are essential in mitigating business risks within any digital infrastructure.
Technical Security Controls and Their Applications
Cyber Essentials – 5 Core Controls
Cyber Essentials is a government-backed certification scheme in the UK that outlines five key technical controls that help protect organisations from common cyber attacks.
Control | Purpose / Risk Mitigated | Example Application |
---|---|---|
Boundary Firewalls & Gateways | Control and restrict incoming/outgoing network traffic | Block access to unsafe websites or external ports |
Secure Configuration | Ensure systems are set up securely | Remove unused software, disable unnecessary services |
🦠 Malware Protection | Detect, prevent and remove viruses or malicious code | Run anti-virus software, block suspicious downloads |
Patch Management | Keep software updated to fix vulnerabilities | Automatically update operating systems and critical applications |
Access Control | Only allow users the access they need (least privilege) | Restrict admin rights, enforce strong passwords |
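The five controls in the table can be checked automatically against a device inventory. The following is an added example, not part of the original course material: it audits one device record against each control and lists the findings. The field names, the policy values (allowed ports, 14-day patch window, approved admin list) and both device records are assumptions constructed for illustration.

```python
from datetime import date

# Assumed policy values (not from the course page): set these per organisation.
ALLOWED_INBOUND_PORTS = {443}
UNNEEDED_SERVICES = {"ftp", "telnet"}
APPROVED_ADMINS = {"it-admin"}
MAX_PATCH_AGE_DAYS = 14

def audit_device(dev, today):
    """Return {control name: [findings]} for the five Cyber Essentials controls."""
    findings = {
        "Boundary Firewalls & Gateways": [
            f"unexpected inbound port {p} open"
            for p in sorted(set(dev["open_inbound_ports"]) - ALLOWED_INBOUND_PORTS)],
        "Secure Configuration": [
            f"unnecessary service '{s}' enabled"
            for s in sorted(set(dev["services"]) & UNNEEDED_SERVICES)],
        "Malware Protection": [],
        "Patch Management": [],
        "Access Control": [
            f"'{u}' has admin rights without approval"
            for u in sorted(set(dev["admins"]) - APPROVED_ADMINS)],
    }
    if dev["guest_account_enabled"]:
        findings["Secure Configuration"].append("guest account enabled")
    if not dev["antivirus_running"]:
        findings["Malware Protection"].append("anti-virus not running")
    age = (today - dev["last_patched"]).days
    if age > MAX_PATCH_AGE_DAYS:
        findings["Patch Management"].append(f"last patched {age} days ago")
    return findings

def failed_controls(dev, today):
    """Names of the controls with at least one finding, in table order."""
    return [control for control, issues in audit_device(dev, today).items() if issues]

# Constructed sample inventory records (not real devices).
TODAY = date(2025, 7, 14)
LAB_PC = {"name": "lab-pc-07", "open_inbound_ports": [21, 443],
          "services": ["ftp", "print-spooler"], "guest_account_enabled": True,
          "antivirus_running": True, "last_patched": date(2025, 5, 1),
          "admins": ["it-admin", "student01"]}
OFFICE_PC = {"name": "office-pc-02", "open_inbound_ports": [443],
             "services": ["print-spooler"], "guest_account_enabled": False,
             "antivirus_running": True, "last_patched": date(2025, 7, 10),
             "admins": ["it-admin"]}

if __name__ == "__main__":
    for dev in (LAB_PC, OFFICE_PC):
        print(dev["name"], "fails:", failed_controls(dev, TODAY) or "nothing")
```

Each finding maps back to one row of the table, so the output shows which control needs attention rather than only that a device is non-compliant.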
Additional Technical Security Controls
These extend beyond Cyber Essentials and provide deeper protection within larger or more complex digital infrastructures.
Device Hardening
Reducing the attack surface of a device by removing unnecessary components.
Risk Mitigated | Example Application |
---|---|
Unauthorised access or system misuse | Disable unused ports, delete guest accounts |
Exploitation of unnecessary services | Uninstall trial software, remove FTP services |
Segmentation
Dividing the network or systems into isolated sections to reduce the impact of a breach.
Risk Mitigated | Example Application |
---|---|
Spreading of malware or attacks | Separate guest Wi-Fi from internal business network |
Data theft across departments | Restrict HR data access to only HR staff |
Hardware Protection
Using dedicated hardware or protective software to secure devices and data.
Risk Mitigated | Example Application |
---|---|
Theft or damage of hardware | Encrypt hard drives, install secure boot firmware |
Data loss from damaged hardware | Use RAID arrays and UPS (Uninterruptible Power Supply) |
Multi-Factor Authentication (MFA)
Using two or more factors to verify user identity.
Risk Mitigated | Example Application |
---|---|
Password compromise | Require SMS code or authenticator app in addition to password |
Account hijacking | Biometric login or key fob-based access |
Remote Monitoring and Management (RMM)
Monitoring systems and devices remotely to detect issues early and apply fixes.
Risk Mitigated | Example Application |
---|---|
Unnoticed device failures | Set alerts for system errors or crashes |
Delays in applying patches | Deploy software updates remotely |
Vulnerability Scanning
Regular scanning of devices, ports, and networks to identify weaknesses.
Risk Mitigated | Example Application |
---|---|
Unpatched or unknown vulnerabilities | Port scan servers for open ports or outdated software |
Network exposure | Scan IoT devices for known firmware bugs |
Match the Control
Instructions:
You’re an IT support technician asked to advise on technical controls for a new college network.
1. Match each threat below to the most appropriate technical control:
Malware infection
Unauthorised access to admin tools
Weak student Wi-Fi password
Outdated firewall firmware
USB device spreading a virus
2. Explain how each control helps reduce or eliminate the threat.
Extension: Create a visual mind map showing all the controls and what threats they help to prevent.
Discuss the relationship between organisational policies and procedures and risk mitigation. Explore different policies that might be developed to alleviate risk, such as BYOD, password policy and software usage. Also, explore HSE policies, such as lone working, manual handling or fire safety. Consider how these are monitored and checked for compliance.
Last Updated
2025-07-14 12:38:43