🌊 SY0-701 Reference

Security Control Categories and Types

Categories of Security Controls

Technical | Controls that utilise technology to protect systems and data. 
e.g. Firewalls that filter incoming and outgoing network traffic. 

Managerial | Controls focused on the management and oversight of security policies and practices. 
e.g. Security awareness training for employees to recognize potential threats. 

Operational | Controls implemented in daily operations to maintain security. 
e.g. Regular software updates and patch management to mitigate vulnerabilities. 

Physical | Controls that protect physical assets from unauthorized access or damage. 
e.g. Fencing around a facility to prevent unauthorized entry. 

Types of Security Controls


Preventive | Controls designed to prevent security breaches before they occur.
e.g. Use of encryption to protect sensitive data from unauthorized access. 

Deterrent | Measures intended to discourage potential intruders or malicious actors.
e.g. Visible security cameras that act as a deterrent to theft. 

Detective | Controls that identify and alert on incidents as they occur. 
e.g. Intrusion detection systems that monitor network traffic for suspicious activity. 

Corrective | Measures taken to mitigate the impact of an incident and restore systems. 
e.g. Data recovery processes following a ransomware attack. 

Compensating | Alternate controls put in place when primary controls cannot be fully implemented.
e.g. Providing temporary access via monitored devices when the main system is down. 

Directive | Guidelines or policies that instruct personnel on security practices and behaviors. 
e.g. An information security policy outlining acceptable use of company resources. 
