Control Categories and Classifications 1.2 Flashcards
Having multiple overlapping layers of diverse controls. The controls should not be subject to a cascade or domino effect and should maintain independence.
Layered Security
Proactive actions taken to cause or encourage a good outcome to occur. They are broad in nature and are often used to increase the effectiveness of other controls.
Directive controls
Aligned with a process that is primarily implemented and executed by people
Operational control category
Minimize the impact of a threat agent or modify or fix a situation
Corrective control classification
Implemented using hardware, software, and/or firmware components. Can be native or supplemental
Technical control category
Stop a threat agent from being successful
Preventative control classification
Related to risk management, governance, oversight, strategic alignment, and decision making
Managerial control categories
Designed to address physical interactions. Generally related to buildings and equipment
Physical control category
Discourage a threat agent from acting
Deterrent control classification
Identify and report a threat agent or action
Detective control classification
Controls implemented in lieu of a recommended control that provide equivalent or comparable protection. Can be supplemental in cases where the implemented control does not provide sufficient protection. Can be short-term or temporary.
Compensating controls