CompTIA Security+ Certification

Controls and Security Concepts

Types of Controls

Understanding various security control types is essential for building a robust cybersecurity strategy. In addition to control categories, security controls are also defined by their function: preventative, deterrent, detective, corrective, and compensating. Each plays a unique role in safeguarding an organization against threats.

Preventative Controls

Preventative controls are proactive measures designed to block an attack, or reduce the methods available to an attacker, before an incident occurs. An acceptable use policy is a typical example: it sets clear guidelines on permitted and prohibited actions, preventing misuse that could lead to a compromise.

Deterrent Controls

Deterrent controls are designed to discourage unauthorized actions rather than physically blocking them. A common deterrent is a warning sign, which aims to dissuade individuals from engaging in undesirable or illegal behavior.

Detective Controls

Detective controls monitor for and identify suspicious activity or breaches as they occur, without directly preventing them. Real-time security monitoring and regular log file reviews are prime examples. These measures enable prompt detection of, and response to, security incidents.

The image shows two detective controls: "Security camera monitoring" and "Reviewing log files," each represented by an icon.

Corrective Controls

Corrective controls come into play after a security breach to mitigate or eliminate the impact of an attack. For instance, after a ransomware attack has resulted in data loss, restoring data from backups is a corrective measure. These controls are vital for an organization's recovery process and help restore normal operations swiftly.

Compensating Controls

Compensating controls are alternative measures that provide a similar level of protection when implementing standard controls is not feasible. For example, if a legacy system cannot be upgraded, an organization might disable unnecessary services, restrict network access, or introduce a firewall to monitor and block non-essential traffic. For Linux-based legacy systems, implementing a host-based firewall further enhances security.
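
The compensating controls above, sketched for a Linux legacy host as an added example (not part of the original course material). It assumes, hypothetically, that the one required service listens on TCP 8443 and is needed only by clients in 10.20.30.0/24, with administration done from the console; the `ss` output is a constructed sample.

```sh
#!/bin/sh
# Added example: compensating controls for a Linux legacy host that cannot be upgraded.
# Assumed values (not from the page): one required service, one client subnet.
ALLOWED_PORT=8443
ALLOWED_SRC="10.20.30.0/24"

# Print an nftables ruleset for the host-based firewall: inbound traffic is
# dropped by default, only the required service is reachable from the allowed
# subnet, and everything else is logged (rate-limited) before the drop policy.
legacy_ruleset() {
  cat <<EOF
table inet legacy_host {
  chain input {
    type filter hook input priority 0; policy drop;
    iif "lo" accept
    ct state established,related accept
    ip saddr ${ALLOWED_SRC} tcp dport ${ALLOWED_PORT} accept
    limit rate 10/minute log prefix "legacy-drop: "
  }
}
EOF
}

# Read "ss -H -tln" lines on stdin and print every listening TCP port other
# than the required one: these are the services to review and disable.
unexpected_listeners() {
  awk -v ok="$ALLOWED_PORT" '
    $1 == "LISTEN" {
      n = split($4, a, ":")          # port is the last ":"-separated field
      p = a[n]
      if (p != ok && !seen[p]++) print p
    }' | sort -n
}

# Constructed sample of "ss -H -tln" output from the legacy host.
SAMPLE_SS='LISTEN 0 5   0.0.0.0:23   0.0.0.0:*
LISTEN 0 128 0.0.0.0:111  0.0.0.0:*
LISTEN 0 128 0.0.0.0:8443 0.0.0.0:*
LISTEN 0 100 127.0.0.1:25 0.0.0.0:*
LISTEN 0 128 [::]:111     [::]:*'

legacy_ruleset
printf '%s\n' "$SAMPLE_SS" | unexpected_listeners
```

On a real host, feed `ss -H -tln` into `unexpected_listeners` and load the printed ruleset with `nft -f` only after confirming console access, since the default-drop policy also blocks remote administration.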

Note

Integrating these control types into a layered defense strategy ensures a comprehensive approach to cybersecurity. Preventative controls strive to stop an attack before it begins, while deterrent, detective, corrective, and compensating controls provide additional layers of security to discourage, monitor, react to, and recover from threats.
