O'Reilly logo

CISSP For Dummies, 4th Edition by Peter Gregory, Lawrence Miller

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Security Controls

Controls are steps in processes — or components in information systems — that enforce compliance with business or security rules. Technology can enforce a control, or an individual may perform a manual step or procedure.

instantanswer.eps The major types of controls are

check.png Preventive controls: Used to prevent errors and unauthorized actions.

check.png Detective controls: Used to detect errors and unauthorized activities.

check.png Corrective controls: Used to reverse or minimize the impact of errors and unauthorized events. These are also known as recovery controls.

check.png Automatic controls: Those that automatically enforce a security policy.

check.png Manual controls: Those that must be proactively performed in order to enforce a security policy.

All the controls discussed in the following sections fall into these categories. A control is preventive, detective, or corrective; also, the control is either automatic or manual. ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required