Controls
Categories of controls
Managerial
Controls that use administrative methods
Operational
Controls implemented and executed by people
Technical
Controls incorporated as part of hardware, software, or firmware
Physical
Controls that implement security in a defined structure and location
Types of controls
Deterrent controls
Attempts to discourage violations before they occur
Preventative controls
Attempts to prevent the threat from coming in contact with the vulnerability
Detective controls
Identifies any threat that has reached the system
Compensating controls
Provides an alternative to normal controls that for some reason cannot be used
Corrective controls
Mitigates or lessens the damage caused by the incident
Directive controls
Ensures that a particular outcome is achieved