Security Controls Planning
Unlock the complete study guide + 1,040 practice questions across 16 full exams.
Bundled into the existing Certified Cloud Security Professional premium course — no separate purchase.
Included in this chapter:
- The control taxonomy: function by nature
- Who owns which control: the shared responsibility split
- Implementing IAAA: the preventive technical chain
- Audit mechanisms: collection, correlation, capture
- Exam-pattern recognition
The control-type taxonomy: function (rows) by nature (columns)
| Control function | Physical | Technical / logical | Administrative |
|---|---|---|---|
| Preventive (stop the act before it happens) | Locked cages, mantraps, biometric door locks, bollards | IAM deny policies, MFA, encryption, firewalls, security groups, network segmentation | Acceptable-use policy, separation of duties, background checks, security training |
| Detective (notice it after it happens) | CCTV, motion sensors, guard patrols, tamper seals | CloudTrail / control-plane logs, flow logs, IDS/IPS, SIEM correlation, packet capture | Log review procedures, periodic access recertification, internal audit |
| Corrective (recover and limit damage) | Fire suppression, redundant power and HVAC, spare hardware | Automated isolation, key rotation/revocation, backup restore, auto-scaling replacement | Incident response plan, disciplinary action, post-incident review and policy update |
Decision tree
Cheat sheet
Unlock with Premium — includes all practice exams and the complete study guide.
Also tested in
References
- NIST SP 800-53 Rev. 5 — Security and Privacy Controls for Information Systems and Organizations Whitepaper
- CSA Cloud Controls Matrix (CCM) Whitepaper
- CSA Security Guidance for Critical Areas of Focus in Cloud Computing (shared responsibility) Whitepaper
- AICPA — SOC 2: Reporting on Controls at a Service Organization
- CSA STAR Registry
- NIST SP 800-63B — Digital Identity Guidelines: Authentication and Lifecycle Management Whitepaper
- NIST SP 800-92 — Guide to Computer Security Log Management Whitepaper