Control Categories
Managerial controls are primarily administrative in function.
They are typically documented in an organization’s security policy and focus on managing risk.
Operational controls help ensure that the day-to-day operations of an organization comply with the security policy. People implement them.
Technical controls use technology such as hardware, software, and firmware to reduce vulnerabilities.
Control Types
Preventative controls attempt to prevent an incident from occurring.
Detective controls attempt to detect incidents after they have occurred.
Corrective controls attempt to reverse the impact of an incident.
Deterrent controls attempt to discourage individuals from causing an incident.
Compensating controls are alternative controls used when a primary control is not feasible.
Physical controls refer to physical security measures such as security guards and fences.