CompTIA® Security+ Exam Notes : Compare And Contrast Various Types Of Controls

5. Risk Management

5.5 Compare and contrast various types of controls

Various Types of controls:

1. Preventive control: It prevents any security breach from occurring. Aimed at preventing an incident from occurring.

Example

  • Security guards at door,
  • Proximity cards or bio-metrics at the entrance to the building,
  • Change management policy, etc.

2. Detective controls: Detective controls attempt to detect any break-in that has already happened. Aimed at detecting incidents after they have occurred.

Example

  • Log monitoring,
  • Trend analysis,
  • Security audit
  • video surveillance systems
  • motion detection systems.

3. Corrective controls: Corrective controls attempt to reverse the impact of an incident or problem after it has occurred. Aimed at reversing the impact of an incident.

Example:

  • Active IDS. Active intrusion detection systems (IDSs) - IDS detects an intruder and engage systems that block the progression of intrusion.
  • Backups and system recovery.

4. Deterrent controls attempt to prevent incidents by discouraging threats. Aimed at discouraging individuals from causing an incident.

Example:

  • Cable locks
  • Hardware locks

5. Compensating controls: These are alternative controls used when a primary control is not feasible. are when it isn't possible to use the primary control or to enhance a primary control.

Example:

  • TOTP (Time-based One Time Password).
  • Using Proximity card or a PIN number are examples of Preventive control.

Previous   Contents   Next


Security+ Cram Notes Contents certexams.com ad