-
Technical Control
- a control that uses technology to reduce vulnerabilities.
- The principle is of least priviledge is a technical control.
-
Management Controls
Primarily administrative and include items such as risk and vulerability assessments.
-
Operational Controls
- Help ensure day to day operations of an organization comply with their overall security plan.
- Some examples include training, configuration management, and change management.
-
Preventive Controls
- Attempt to prevent an incident from occuring.
- Examples: Change management plans, Security gaurds, account dissablement policies, and user training.
-
Detective Controls
- Detect when a vulnerability has been exploited.
- Examples: Security Audit, periodic view of user rights, closed circuit tv system and can show a persons actions, such as theft.
-
Corrective Controls
- Attempt to reverse the impact of an incident or problem once it has occured.
- Examples: Active IDS, backups, system recovery plans.
|
|
