Control Categories and Classifications 1.2

Question 1

Having multiple overlapping layers of diverse controls and our controls should not be subject to a cascade or domino effect and should maintain independence.

Answer 1

Layered Security

Question 2

Proactive action taken to cause or encourage a good outcome to occur. They are broad in nature and often used to increase the effectiveness of other controls.

Answer 2

Directive controls

Question 3

Aligned with a process that are primarily implemented and executed by people

Answer 3

Operational control category

Question 4

Minimize the impact of a threat agent or modify or fix a situation

Answer 4

Corrective control classification

Question 5

Implemented using hardware, software, and/or firmware components. Can be native or supplemental

Answer 5

Technical control category

Question 6

Stop a threat agent from being successful

Answer 6

Preventative control classification

Question 7

Related to risk management, governance, oversight, strategic alignment, and decision making

Answer 7

Managerial control categories

Question 8

Designed to address physical interactions. Generally related to buildings and equipment

Answer 8

Physical control category

Question 9

Discourage a threat agent from acting

Answer 9

Deterrent control classification

Question 10

Identify and report a threat agent or action

Answer 10

Detective control classification

Question 11

Controls implemented in lieu of a recommended control that provides equivalent or comparable protection. Can be supplemental in cases where the implemented control does not provide sufficient protection.
Can be shirt term or temporary.

Answer 11

Compensating controls