Security controls | EPFL Graph Search

Are you an EPFL student looking for a semester project?

Work with us on data science and visualisation projects, and deploy your project as an app on top of GraphSearch.

Security controls are safeguards or countermeasures to avoid, detect, counteract, or minimize security risks to physical property, information, computer systems, or other assets. In the field of information security, such controls protect the confidentiality, integrity and availability of information. Systems of controls can be referred to as frameworks or standards. Frameworks can enable an organization to manage security controls across different types of assets with consistency. Security controls can be classified by various criteria. For example, controls are occasionally classified by when they act relative to a security breach: Before the event, preventive controls are intended to prevent an incident from occurring e.g. by locking out unauthorized intruders; During the event, detective controls are intended to identify and characterize an incident in progress e.g. by sounding the intruder alarm and alerting the security guards or police; After the event, corrective controls are intended to limit the extent of any damage caused by the incident e.g. by recovering the organization to normal working status as efficiently as possible. Security controls can also be classified according to their characteristics, for example: Physical controls e.g. fences, doors, locks and fire extinguishers; Procedural or administrative controls e.g. incident response processes, management oversight, security awareness and training; Technical or logical controls e.g. user authentication (login) and logical access controls, antivirus software, firewalls; Legal and regulatory or compliance controls e.g. privacy laws, policies and clauses. For more information on security controls in computing, see Defense in depth (computing) and Information security Numerous information security standards promote good security practices and define frameworks or systems to structure the analysis and design for managing information security controls. Some of the most well known standards are outlined below. ISO/IEC 27001:2022 was released in October 2022.

About this result

This page is automatically generated and may contain information that is not correct, complete, up-to-date, or relevant to your search query. The same applies to every other page on this website. Please make sure to verify the information with EPFL's official sources.

Related publications (62)

Related people (9)

Related units (9)

Related concepts (3)

Related courses (3)

Related lectures (31)

Security service (telecommunication)

Security service is a service, provided by a layer of communicating open systems, which ensures adequate security of the systems or of data transfers as defined by ITU-T X.800 Recommendation. X.800 and ISO 7498-2 (Information processing systems – Open systems interconnection – Basic Reference Model – Part 2: Security architecture) are technically aligned. This model is widely recognized A more general definition is in CNSS Instruction No.

Information security

Information security, sometimes shortened to InfoSec, is the practice of protecting information by mitigating information risks. It is part of information risk management. It typically involves preventing or reducing the probability of unauthorized or inappropriate access to data or the unlawful use, disclosure, disruption, deletion, corruption, modification, inspection, recording, or devaluation of information. It also involves actions intended to reduce the adverse impacts of such incidents.

Threat (computer)

In computer security, a threat is a potential negative action or event facilitated by a vulnerability that results in an unwanted impact to a computer system or application. A threat can be either a negative "intentional" event (i.e. hacking: an individual cracker or a criminal organization) or an "accidental" negative event (e.g. the possibility of a computer malfunctioning, or the possibility of a natural disaster event such as an earthquake, a fire, or a tornado) or otherwise a circumstance, capability, action, or event.

COM-402: Information security and privacy

This course provides an overview of information security and privacy topics. It introduces students to the knowledge and tools they will need to deal with the security/privacy challenges they are like

CS-119(c): Information, Computation, Communication

L'objectif de ce cours est d'introduire les étudiants à la pensée algorithmique, de les familiariser avec les fondamentaux de l'Informatique et de développer une première compétence en programmation (

EE-552: Media security

This course provides attendees with theoretical and practical issues in media security. In addition to lectures by the professor, the course includes laboratory sessions, a mini-project, and a mid-ter

WarpAttack: Bypassing CFI through Compiler-Introduced Double-Fetches

Mathias Josef Payer, Flavio Toffalini, Luca Di Bartolomeo, Jianhao Xu

Code-reuse attacks are dangerous threats that attracted the attention of the security community for years. These attacks aim at corrupting important control-flow transfers for taking control of a process without injecting code. Nowadays, the combinations o ...

IEEE COMPUTER SOC2023

Many real-world group messaging systems delegate group administration to the application level, failing to provide formal guarantees related to group membership. Taking a cryptographic approach to group administration can prevent both implementation and pr ...

2023

Silent Bugs Matter: A Study of Compiler-Introduced Security Bugs

Mathias Josef Payer, Jianhao Xu

Compilers assure that any produced optimized code is semantically equivalent to the original code. However, even "correct" compilers may introduce security bugs as security properties go beyond translation correctness. Security bugs introduced by such corr ...

Berkeley2023

HTTP Desync: Request Smuggling Reborn COM-506: Student seminar: security protocols and applications

Explores HTTP request smuggling, a vulnerability to bypass security controls, with examples and defense strategies.

Protecting Work: Threats

Discusses the importance of protecting work and EPFL through laws, regulations, threat identification, data protection, risk prevention, and security controls.

Introduction Installation: Building Construction and Technical Installations

Covers the planning and construction of buildings, emphasizing teamwork and interdisciplinary leadership.