1.1 - CompTIA Security+

Technical Controls

Controls implemented using a technical system (e.g., software, hardware, operating systems).

Managerial Controls

Controls based on a series of policies that explain to people how to use data, computers, and systems.

Operational Controls

Controls that use people/human activities to ensure that security measures are followed effectively (e.g., security guards, awareness training).

Physical Controls

Controls that limit someone’s access to a physical location, room, or device.

Preventive Controls

Controls that limit someone’s access to a resource, and/or prevent security incidents before they occur (e.g., a guard shack or a password).

Deterrent Controls

Security controls designed to discourage unauthorized actions by highlighting risks or consequences (e.g., splash screens, CCTV cameras).

Detective Controls

Security controls designed to identify unauthorized actions as they occur (e.g., intrusion detection systems, endpoint logs, motion detectors).

Corrective Controls

Security controls designed to restore systems after an incident/breach (e.g., antivirus software, intrusion prevention systems).

Compensating Controls

Security controls designed to replace (normally for a short time), systems that have been affected by a security incident (e.g., power generators, a firewall rule to block a vulnerability with no update).

Directive Controls

Security controls where you direct someone to do something more secure rather than less secure (e.g., storing information on a secured folder rather than in an unsecure folder, placing an 'AUTHORIZED PERSONNEL ONLY' sign on a door).