Various Types of controls:
1. Preventive control: It prevents any security breach from occurring. Aimed at preventing an incident from occurring.
2. Detective controls: Detective controls attempt to detect any break-in that has already happened. Aimed at detecting incidents after they have occurred.
3. Corrective controls: Corrective controls attempt to reverse the impact of an incident or problem after it has occurred. Aimed at reversing the impact of an incident.
4. Deterrent controls attempt to prevent incidents by discouraging threats. Aimed at discouraging individuals from causing an incident.
5. Compensating controls: These are alternative controls used when a primary control is not feasible. are when it isn't possible to use the primary control or to enhance a primary control.
Managerial: Managerial controls are those that are based on overall risk management. These security controls focus on the management of risk or the management of the cybersecurity system. The use of cybersecurity audits is an example of a managerial control
Physical: A physical control is one that prevents specific physical actions from occurring, such as a mantrap prevents tailgating. Physical controls prevent specific human interaction with a system and are primarily designed to prevent accidental operation of something
Compensating: A compensating control is one that is used to meet a requirement when there is no control available to directly address the threat. Fire suppression systems do not prevent fire damage, but if properly employed, they can mitigate or limit the level of damage from fire.
Operational: An operational control is a policy or steps used to limit security risk. These security controls are done by people, as opposed to systems. Instructions to guards are an example of an operational control.
Technical: These security controls are primarily built into the information system through mechanisms contained in its hardware, software, or firmware components. Biometrics is an example of a technical control.