November 1, 2017

IT Security Control Types

Control types can be:
  • Administrative (soft control) - documentation, risk management, personnel training.
  • Technical (logical control) - software and hardware components
  • Physical - fences, guard, swipe cards, locked rooms.
Control types have different functionalities, what they do:
  1. Preventive
  2. Detective
  3. Corrective - fix systems after damage has taken place, e.g. computer image
  4. Recovery - data backup
  5. Deterrent 
  6. Compensating
It is must productive to start with preventing controls, then use detective, corrective and recovery control types.

Compensating is the last resort, when a company for example think that hiring guard is to expensive, so they instead put up fences around building.

No comments: