Control Types and Purposes
You achieve access control through an entire set of controls which, identified by purpose, include
Preventive controls, for reducing risk
Detective controls, for identifying violations and incidents
Corrective controls, for remedying violations and incidents and improving existing preventive and detective controls
Deterrent controls, for discouraging violations
Recovery controls, for restoring systems and information
Compensating controls, for providing alternative ways of achieving a task
You implement most access control mechanisms with the primary goal of reducing risk (that is, they’re preventive in nature). Detective, corrective, deterrent, recovery, and compensating controls work in a complementary manner with preventive controls to help create an organization’s overall security posture.
For example, detective controls help to determine when preventive ...