Understanding the Goals of Controls
Controls and countermeasures are typically identified as one of the following three types: preventive, detective, or corrective. A preventive control attempts to prevent losses before they occur, a detective control detects violations, and a corrective control attempts to reverse the impact from a security incident.
Losses to availability, integrity, or confidentiality (AIC) can impact the organization’s mission. Figure 9-3 emphasizes that controls attempt to prevent, detect, and correct losses to any of these elements of the security triad.
Figure 9-3 Controls prevent, detect, and/or correct losses to AIC ...