CompTIA® Security+ Exam Notes : Compare And Contrast Various Types Of Controls

5. Risk Management

5.5 Compare and contrast various types of controls

Various Types of controls:

1. Preventive control: A preventive control stops a security breach before it occurs; it is aimed at preventing an incident from happening in the first place.

Example

  • Security guards at the door,
  • Proximity cards or biometrics at the entrance to the building,
  • Change management policy, etc.

2. Detective controls: Detective controls attempt to detect a break-in that has already happened; they are aimed at identifying incidents after they have occurred.

Example

  • Log monitoring,
  • Trend analysis,
  • Security audits,
  • Video surveillance systems,
  • Motion detection systems.

3. Corrective controls: Corrective controls attempt to reverse the impact of an incident or problem after it has occurred; they are aimed at undoing the damage an incident has caused.

Example:

  • Active IDS: an active intrusion detection system (IDS) detects an intruder and engages other systems that block the progression of the intrusion.
  • Backups and system recovery.

4. Deterrent controls: Deterrent controls attempt to prevent incidents by discouraging threats; they are aimed at discouraging individuals from causing an incident.

Example:

  • Cable locks
  • Hardware locks

5. Compensating controls: These are alternative controls used when it is not possible to use the primary control, or used to enhance a primary control.

Example:

  • TOTP (Time-based One-Time Password).
  • Using a proximity card or a PIN is an example of a preventive control.

Managerial: Managerial controls are those that are based on overall risk management. These security controls focus on the management of risk or the management of the cybersecurity system. The use of cybersecurity audits is an example of a managerial control.

Physical: A physical control is one that prevents specific physical actions from occurring, such as a mantrap that prevents tailgating. Physical controls prevent specific human interaction with a system and are primarily designed to prevent accidental operation of something.

Compensating: A compensating control is one that is used to meet a requirement when there is no control available to directly address the threat. Fire suppression systems do not prevent fire damage, but if properly employed, they can mitigate or limit the level of damage from fire.

Operational: An operational control is a policy or steps used to limit security risk. These security controls are done by people, as opposed to systems. Instructions to guards are an example of an operational control.

Technical: These security controls are primarily built into the information system through mechanisms contained in its hardware, software, or firmware components. Biometrics is an example of a technical control.
