5.7 Compare and contrast types of control Flashcards
Deterrent
The control may not physically or logically prevent access, but psychologically discourages an attacker from attempting an intrusion.
Preventive
The control physically or logically restricts unauthorized access. A directive can be thought of as an administrative version of a preventive control.
Detective
The control may not prevent or deter access, but it will identify and record any attempted or successful intrusion.
Compensating
The control does not prevent the attack but restores the function of the system through some other means, such as using data backup or an alternative site.
Technical
Controls implemented in operating systems, software, and security appliances. Examples include Access Control Lists (ACLs) and Intrusion Detection Systems.
Administrative
Controls that determine the way people act, including policies, procedures, and guidance. For example, annual or regularly scheduled security scans and audits can check for compliance with security policies.
Physical
Controls such as alarms, gateways, and locks that deter access to premises and hardware are often classed separately.