
IT Security Technical Controls

Chapter in: IT Security Controls (Apress, 2022)

Abstract

This chapter lists and explains the technical security controls that organizations must have in place to secure their assets. The controls should be implemented according to a zero trust model, in which every user, whether inside or outside the organization, must be authenticated and authorized, and continuously verified, before being granted access to corporate resources. Although these controls are essential, they are not sufficient on their own: alongside them, organizations must implement effective management and operational processes and hire qualified staff with the skills to implement, administer and operate the controls.


Notes

1. https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-207.pdf
2. https://standards.ieee.org/standard/802_1X-2010.html
3. Authors' note: SSL and TLS do not map cleanly onto a single layer of the OSI or TCP/IP model. TLS runs on top of a transport protocol (e.g., TCP) and encrypts the payloads of the higher-layer protocols carried over it. For a good discussion of this point, see https://security.stackexchange.com/questions/93333/what-layer-is-tls/93338#93338.
4. NAT is not a protocol but a method, implemented at the network layer.
5. https://nca.gov.sa/files/ncs_en.pdf
6. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566 (the POODLE attack on SSL 3.0)
7. https://datatracker.ietf.org/doc/html/rfc2246 (TLS 1.0)
8. https://datatracker.ietf.org/doc/html/rfc8032 (EdDSA)
9. The ServerHello stage of the TLS handshake: in response to the ClientHello, the server sends the protocol version and cipher suite it has chosen together with the server random, a fresh random string of bytes generated by the server. In the same flight the server also sends its certificate (in TLS 1.2 this is a separate Certificate handshake message).
10. https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-52r2.pdf
11. Bărbulescu v. Romania. www.echr.coe.int/Documents/Press_Q_A_Barbulescu_ENG.PDF
12. For example, the USA under the Electronic Communications Privacy Act of 1986.
13. https://csrc.nist.gov/publications/detail/sp/800-125b/final
14. https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-41r1.pdf
15. Authors' note: never rely on extensions.
16. That is, events are created for content that is allowed to egress.
17. That is, no events are created for content that has already been exfiltrated.
18. See the section on Single Sign-On.
19. www.virustotal.com/ui/file_behaviours/76f52cba288145242a77a8762282d8d0e6d8fb3160b5fefb7b92649e503c62a1_Tencent%20HABO/html
20. No, not Skynet. Only application accounts or service accounts are meant here.
21. https://owasp.org/Top10/A01_2021-Broken_Access_Control/
22. https://capec.mitre.org/data/definitions/151.html
23. www.cisecurity.org/controls/access-control-management/
24. https://owasp.org/www-project-proactive-controls/v3/en/c7-enforce-access-controls
25. https://cheatsheetseries.owasp.org/cheatsheets/Authorization_Cheat_Sheet.html
26. www.cisecurity.org/cis-benchmarks/
27. https://csrc.nist.gov/publications/detail/sp/800-53b/final
28. https://aka.ms/baselines and https://techcommunity.microsoft.com/t5/microsoft-security-baselines/bg-p/Microsoft-Security-Baselines
29. https://public.cyber.mil/stigs/
30. https://en.wikipedia.org/wiki/NTP_server_misuse_and_abuse
31. www.itu.int/rec/T-REC-X.509/en
32. Rivest, R. L.; Shamir, A.; Adleman, L. (February 1978). "A Method for Obtaining Digital Signatures and Public-Key Cryptosystems". Communications of the ACM 21(2): 120–126. doi:10.1145/359340.359342.
33. https://en.wikipedia.org/wiki/With_great_power_comes_great_responsibility
34. www.gartner.com/doc/reprints?id=1-26UL30OG&ct=210719&st=sb
35. www.sans.org/posters/hunt-evil/
36. https://nvlpubs.nist.gov/nistpubs/ir/2020/NIST.IR.8286.pdf
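As an added example that is not part of the chapter, the following Python parses a TLS record carrying the ServerHello described in note 9 and pulls out the fields the note names (negotiated version, server random, cipher suite), handling the TLS 1.3 case where the real version is carried in the supported_versions extension rather than in the version field. It then applies the TLS 1.2 floor from NIST SP 800-52r2 (note 10), which a server that negotiated SSL 3.0 (note 6, CVE-2014-3566) would fail. The message layout follows RFC 5246 section 7.4.1.3 and RFC 8446 section 4.1.3; the three sample records are constructed inside the block, not captured traffic, and no handshake is actually run.

```python
"""Parse a TLS ServerHello record (RFC 5246 s7.4.1.3, RFC 8446 s4.1.3) and
check the negotiated version against the TLS 1.2 floor of NIST SP 800-52r2.
Added example; the sample records at the bottom are constructed, not captured."""
import struct
from dataclasses import dataclass, field

CONTENT_HANDSHAKE = 0x16
HS_SERVER_HELLO = 0x02
EXT_SUPPORTED_VERSIONS = 0x002B
TLS12 = 0x0303
VERSION_NAMES = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1",
                 0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}


@dataclass
class ServerHello:
    version: int            # negotiated protocol version
    server_random: bytes    # 32 bytes generated by the server
    session_id: bytes
    cipher_suite: int       # IANA code point, e.g. 0xC02F
    compression: int
    extensions: dict = field(default_factory=dict)


def parse_server_hello(record: bytes) -> ServerHello:
    """Parse one record-layer message that carries a ServerHello."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    ctype, _rec_ver, rec_len = struct.unpack("!BHH", record[:5])  # type, version, length
    if ctype != CONTENT_HANDSHAKE:
        raise ValueError(f"not a handshake record: 0x{ctype:02x}")
    body = record[5:5 + rec_len]
    if len(body) != rec_len or len(body) < 4:
        raise ValueError("record length mismatch")
    msg_type, msg_len = body[0], int.from_bytes(body[1:4], "big")  # 1-byte type, 3-byte length
    if msg_type != HS_SERVER_HELLO:
        raise ValueError(f"not a ServerHello: 0x{msg_type:02x}")
    msg = body[4:4 + msg_len]
    if len(msg) != msg_len or msg_len < 38:   # version(2) random(32) sid_len(1) suite(2) comp(1)
        raise ValueError("handshake length mismatch")
    version = int.from_bytes(msg[0:2], "big")
    server_random = msg[2:34]
    sid_len, off = msg[34], 35
    session_id = msg[off:off + sid_len]
    off += sid_len
    if len(msg) < off + 3:
        raise ValueError("truncated after session_id")
    cipher_suite = int.from_bytes(msg[off:off + 2], "big")
    compression = msg[off + 2]
    off += 3
    extensions = {}
    if off < len(msg):                        # extensions block is optional
        ext_len = int.from_bytes(msg[off:off + 2], "big")
        off += 2
        end = off + ext_len
        if end != len(msg):
            raise ValueError("extensions length mismatch")
        while off + 4 <= end:
            etype = int.from_bytes(msg[off:off + 2], "big")
            elen = int.from_bytes(msg[off + 2:off + 4], "big")
            if off + 4 + elen > end:
                raise ValueError("extension overruns block")
            extensions[etype] = msg[off + 4:off + 4 + elen]
            off += 4 + elen
        if off != end:
            raise ValueError("trailing bytes in extensions")
    # TLS 1.3 keeps legacy_version = 0x0303 and signals the real version here.
    sv = extensions.get(EXT_SUPPORTED_VERSIONS)
    if sv is not None and len(sv) == 2:
        version = int.from_bytes(sv, "big")
    return ServerHello(version, server_random, session_id, cipher_suite,
                       compression, extensions)


def negotiated_version_ok(hello: ServerHello) -> bool:
    """SP 800-52r2 floor: TLS 1.2 or later. SSL 3.0 (POODLE) and TLS 1.0/1.1 fail."""
    return hello.version >= TLS12


def build_server_hello(version, server_random, cipher_suite,
                       session_id=b"", extensions=None) -> bytes:
    """Construct a sample ServerHello record for testing the parser."""
    exts = b"".join(struct.pack("!HH", t, len(d)) + d
                    for t, d in (extensions or {}).items())
    body = (struct.pack("!H", version) + server_random
            + bytes([len(session_id)]) + session_id
            + struct.pack("!H", cipher_suite) + b"\x00")   # null compression
    if exts:
        body += struct.pack("!H", len(exts)) + exts
    hs = bytes([HS_SERVER_HELLO]) + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", CONTENT_HANDSHAKE, TLS12, len(hs)) + hs


# Constructed samples (not captured traffic): TLS 1.2, TLS 1.3 and a legacy SSL 3.0 server.
SAMPLE_TLS12 = build_server_hello(0x0303, bytes(range(32)), 0xC02F)  # ECDHE-RSA-AES128-GCM-SHA256
SAMPLE_TLS13 = build_server_hello(0x0303, bytes(32), 0x1301, session_id=bytes(32),
                                  extensions={EXT_SUPPORTED_VERSIONS: b"\x03\x04"})
SAMPLE_SSL3 = build_server_hello(0x0300, b"\xaa" * 32, 0x000A)        # RSA-3DES-EDE-CBC-SHA

if __name__ == "__main__":
    for name, rec in (("tls12", SAMPLE_TLS12), ("tls13", SAMPLE_TLS13), ("ssl3", SAMPLE_SSL3)):
        h = parse_server_hello(rec)
        print(name, VERSION_NAMES.get(h.version, hex(h.version)),
              f"suite=0x{h.cipher_suite:04X}", "OK" if negotiated_version_ok(h) else "REJECT")
```

The version check is deliberately applied after the supported_versions lookup: a TLS 1.3 ServerHello carries 0x0303 in its version field, so checking that field alone would misreport TLS 1.3 as TLS 1.2 and, more importantly, a scanner that only reads the field cannot tell whether TLS 1.3 was actually negotiated.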


Copyright information

© 2022 The Author(s), under exclusive license to APress Media, LLC, part of Springer Nature


Cite this chapter

Viegas, V., Kuyucu, O. (2022). IT Security Technical Controls. In: IT Security Controls. Apress, Berkeley, CA. https://doi.org/10.1007/978-1-4842-7799-7_4
