Section 6: Risk Strategies Flashcards
7 Different Categories of Access Control
▪ Compensative
● Used in place of a primary access control measure in order to mitigate a given risk
▪ Corrective
● Used to reduce the effect of an undesirable event or attack
▪ Detective
● Used to detect an attack while it is occurring and to notify the proper personnel
▪ Deterrent
● Used to discourage any violation of the security policies by both attackers and insiders
▪ Directive
● Used to force compliance with the security policy and practices within the organization
▪ Preventive
● Seeks to prevent or stop an attack from even occurring
▪ Recovery
● Used to recover a device after an attack
Gap Analysis
▪ Compares the current performance of the organization’s security posture to the desired security posture