2.6 Selecting Security Controls

When we implement security requirements, our goal is to provide security controls to cover those requirements. The security controls are the features of the system that implement the requirements. In general, security controls fall into three categories:

  1. Preventative: These controls directly block actions that violate security requirements. Most designers prefer to use these controls because they directly implement requirements.

  2. Detective: These controls detect violations of requirements so that administrators, security officers, auditors, or investigators can see them. Some security techniques simply detect problems but can’t prevent them.

  3. Corrective: These controls take measures to help restore the system. ...
