Control Categories: In cybersecurity and risk management, controls are classified into several types based on their purpose and effect within an organization’s security posture. Preventive controls stop incidents before they happen. Detective controls identify and detect issues when they occur. Corrective controls resolve issues after they’ve been detected. Deterrent controls discourage potential security violations. Compensating controls are alternative mechanisms used when primary controls are not viable. These control categories also depend on the frameworks and standards in use within a given environment, as some may be more appropriate than others.
Categories: CC D1: Security Principles | CCSP D6: Legal - Risk and Compliance | CISM D1: Information Security governance | CISSP D1: Security and Risk Management | Security+ D5: Security Program Management and Oversight | SSCP D1: Security Concepts and Practices