Types of Access Control

  1. Directive controls promote security awareness and direct compliant behavior, e.g., policies, posters, and signs.
  2. Deterrent controls discourage violations of security policies and reduce or eliminate the motive for unauthorized behavior, e.g., guards and mantraps.
  3. Preventive controls raise the hurdle and thwart breach attempts, e.g., firewalls, intrusion prevention systems (IPS), and antivirus software.
  4. Detective controls monitor and report potential or ongoing breach attempts, e.g., intrusion detection systems (IDS), honeypots or honeynets, and reviews.
  5. Corrective controls stop breach attempts in order to maintain or restore normal operations or service levels, e.g., trusted recovery and antivirus software (quarantining a virus).
  6. Recovery controls recover from disruption and restore normal operations and service levels when breach attempts have disrupted operations or services, e.g., backup and restore, system imaging, and shadowing.
  7. Compensating controls provide contingent or alternative protection to existing controls. For example, a PIN code compensates for Windows Hello facial recognition.
