Cybersecurity controls

Cybersecurity controls include safeguards or countermeasures implemented to protect an organization from an incident. Cybersecurity controls are used to prevent, detect, and mitigate cyber threats and attacks. There are six types of controls:

  • Preventive
  • Deterrent
  • Detective
  • Recovery
  • Corrective
  • Compensating

Preventive Controls:

It is always more cost-effective to prevent an event from happening than to suffer an interruption or disruption and then attempt to recover from that uncomfortable posture. Most of the controls in this category attempt to avoid allowing someone to commit a crime or compromise a system. This includes security awareness and proper training. A lack of education can generate events that might endanger your security posture.

Detective Controls:

Detective controls are usually used after the fact. Common detective controls include auditing and Intrusion Detection Systems (IDS). In the physical world, detective controls are motion sensors, CCTV, or other types of devices that can detect an intrusion taking place or someone trespassing.

Deterrent Controls:

Deterrent controls discourage security violations. Examples include "Beware of dog" signs.

Compensating Controls:

Compensating controls provide alternatives to other controls. If you choose to accept a weakness in a particular control, you might want to add another layer. For example, video cameras are a great detective control, but a security guard is better. Because a security guard at every door is cost-prohibitive, we employ cameras.

Here the camera is the compensating control for the chosen weakness of not having enough guards for the entire location.

Corrective Controls:

Corrective controls react to an attack and take corrective action. For example, a user downloads spyware, which their local antivirus program (preventive control) fails to detect. The user begins receiving unwanted popup advertisements in their web browser and opens a ticket with the help desk. The IT technician runs a spyware "fixup" program and corrects the problem.

Recovery Controls:

Recovery controls restore the operating state to normal after an attack or system failure. Recovery controls mitigate more severe impacts compared with corrective controls. For example, a user downloads malware that violates their PC's system integrity by replacing parts of the operating system with malicious code. An IT technician reimages their system (recovery control) to remove the infection.