Understanding the Goals of Controls

Controls and countermeasures are typically identified as one of the following three types: preventive, detective, or corrective. A preventive control attempts to prevent losses before they occur, a detective control detects violations, and a corrective control attempts to reverse the impact from a security incident.

Losses to availability, integrity, or confidentiality (AIC) can impact the organization’s mission. Figure 9-3 emphasizes that controls attempt to prevent, detect, and correct losses to any of these elements of the security triad.

image

Figure 9-3 Controls prevent, detect, and/or correct losses to AIC ...

Get SSCP Systems Security Certified Practitioner All-in-One Exam Guide now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.