Smart Cards
Question
Smart cards are an example of which type of control?
Answers
Explanations
Click on the arrows to vote for the correct answer
A. B. C. D.C.
Logical or technical controls involve the restriction of access to systems and the protection of information.
Smart cards and encryption are examples of these types of control.
Controls are put into place to reduce the risk an organization faces, and they come in three main flavors: administrative, technical, and physical.
Administrative controls are commonly referred to as "soft controls" because they are more management-oriented.
Examples of administrative controls are security documentation, risk management, personnel security, and training.
Technical controls (also called logical controls) are software or hardware components, as in firewalls, IDS, encryption, identification and authentication mechanisms.
And physical controls are items put into place to protect facility, personnel, and resources.
Examples of physical controls are security guards, locks, fencing, and lighting.
Many types of technical controls enable a user to access a system and the resources within that system.
A technical control may be a username and password combination, a Kerberos implementation, biometrics, public key infrastructure (PKI), RADIUS, TACACS +, or authentication using a smart card through a reader connected to a system.
These technologies verify the user is who he says he is by using different types of authentication methods.
Once a user is properly authenticated, he can be authorized and allowed access to network resources.
Reference(s) used for this question: Harris, Shon (2012-10-25)
CISSP All-in-One Exam Guide, 6th Edition (p.
245)
McGraw-Hill.
Kindle Edition.
and KRUTZ, Ronald L.
& VINES, Russel.
D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 2: Access control systems (page 32).
Smart cards are an example of technical control.
Technical controls are implemented through technology, and they include mechanisms like authentication, encryption, firewalls, intrusion detection, and prevention systems. These controls are often considered to be the most effective and efficient way to manage security risks.
A smart card is a physical device that contains a microprocessor and memory, which can be used to store and process data. It is a type of authentication token that can be used to prove the identity of a user or a device. Smart cards typically require the user to enter a PIN or password to authenticate themselves, and the card is then used to provide access to secure systems or data.
Smart cards are a type of technical control because they are a technology-based solution that can be used to enforce access controls and limit the risk of unauthorized access. They are often used in combination with other technical controls, such as firewalls and intrusion detection systems, to provide a layered approach to security.
Detective controls, on the other hand, are controls that are put in place to identify security incidents or breaches after they have occurred. Examples of detective controls include log analysis, intrusion detection systems, and security cameras.
Administrative controls are policies and procedures that are implemented to manage security risks. Examples of administrative controls include security awareness training, background checks, and access control policies.
Physical controls are measures that are put in place to physically protect assets from damage or theft. Examples of physical controls include locks, fences, and security guards.
In summary, smart cards are a type of technical control because they are a technology-based solution that can be used to enforce access controls and limit the risk of unauthorized access.
