5.1 Types of Controls

Security Controls

Managerial controls - focuses on the design of the security or the policy implementation associated with the security

Operational controls - controls managed by people, security guards, awareness campaigns

Technical controls - controls implemented using systems, OS controls, firewalls, anti-virus

Control types - preventive control = prevents access to a certain area, aim to prevent security incidents or violations before they occur. - detective control = may not prevent access, identifies and records any intrusion attempts, designed to detect and alert when security incidents or violations occur. - corrective control = designed to mitigate damage, IPS can block an attack, focus on correcting or mitigating the impact of a security incident after it occurs - deterrent control = may not directly prevent an attack but it deters an attack, discourges attempts - login banner - compensating control = doesn't prevent attack but recovers from an attack, re-image and restore, alternative controls used when primary controls are not feasible or effective. - physical control = fence, door locks, to prevent unauthorized access to physical areas and protect against physical threats