O'Reilly logo

CISSP For Dummies, 4th Edition by Peter Gregory, Lawrence Miller

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Control Types and Purposes

You achieve access control through an entire set of controls which, identified by purpose, include

check.png Preventive controls, for reducing risk

check.png Detective controls, for identifying violations and incidents

check.png Corrective controls, for remedying violations and incidents and improving existing preventive and detective controls

check.png Deterrent controls, for discouraging violations

check.png Recovery controls, for restoring systems and information

check.png Compensating controls, for providing alternative ways of achieving a task

You implement most access control mechanisms with the primary goal of reducing risk (that is, they’re preventive in nature). Detective, corrective, deterrent, recovery, and compensating controls work in a complementary manner with preventive controls to help create an organization’s overall security posture.

For example, detective controls help to determine when preventive ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required