Directivecontrols promote security awareness and direct compliant behaviors, e.g., policies, posters, and signs.
Deterrentcontrols discourage violation of security policies and reduce or eliminate the motive of unauthorized behaviors, e.g., guards and mantraps.
Preventivecontrols raise the hurdle and thwart the breaching attempts, e.g., firewalls, intrusion prevention systems (IPS), and antivirus software.
Detectivecontrols monitor and report potential or undergoing breaching attempts, e.g., intrusion detection systems (IDS), honeypots or honeynets, and reviews.
Correctivecontrols stop the breaching attempts to maintain or restore normal operations or service level, e.g. Trusted Recovery and Antivirus Software (Quarantining a virus).
Recoverycontrols recover from disruption and restore to normal operations and service level if breaching attempts disrupt the operations or services, e.g., backup and restore, system imaging, and shadowing.
Compensating controls provide contingent or alternative protection to existing controls. For example, a PIN code is compensating for the Windows Hello facial recognition.