Section 2.14 Security control types

Question 1

6 basic types

Types of Security Controls

PDDCCD

Answer 1

1. Preventitive controls
2. Deterrent Controls
3. Detective Controls
4. Corrective Controls
5. Compensating Controls
6. Directive Controls

Security Pros implement different security controls depending on what security threat they are addressing

Question 2

1

Preventitive controls

Answer 2

Proactive measures taken to stop security threats/breaches

e.g Firewall is preventive measure as it can filter incoming/outcoming traffic to block any harfmul data packages before they impact the organisations network

Question 3

2

Deterrent Controls

Answer 3

Discourage potential attackers by making the effort seem less appealing or more challenging

e.g Signs to warn bad actors (warning signs or banners)

Question 4

3

Detective Controls

Answer 4

Monitor and alert organisations to malicious activity

e.g Intrusion detection system which is constantly scanning a network for malicious activity

Question 5

4

Corrective Controls

Answer 5

Mitigate potential damage and restore systems to their normal state

e.g The anti-virus software can actually quarantine and remove suspicious files

Question 6

5

Compensating Controls

Answer 6

Alternative security measures that are implemented when primary security controls are not feasible or effective

e.g Legacy systems cannot support WPA3 so instead you can use WPA2 with a VPN

Question 7

6

Directive Controls:

Answer 7

Policies/documentation to guide, inform or mandate actions to help mitigate threat.

e.g An organisation acceptable use policy (AUP) is a directive contol as it provides guidlines