Control Categories
Measures or mechanisms put in place to mitigate risks and protect the confidentiality, integrity and availability of information systems
Technical (Logical) Controls
Hardware, Software, Firmware - Antivirus, Firewall, IDS, Encryption
Managerial Controls
Risk Assessment, User Training, Security Policies, Response Strategies
Operational Controls
Backup Procedures, Account Reviews, User Training Programs
Physical Controls
CCTVs, Shredding sensitive data, Security Guards, Locking doors
Control Types
Preventative
Proactive methods that thwart security threats or breaches (Firewall)
Detective
Monitor and alert about malicious activities as they occur (IDS)
Corrective
Mitigate any damage and restore systems (Antivirus)
Recovery
Controls that help us recover after an attack
Deterrent
Aimed at discouraging potential attackers (Warning Banners)
Compensating
Additional security controls to supplement primary security
Directive
Rules and policies that mandate certain actions