Domain 1 · 1.1 Security Controls

1.1.2 Control Types

Preventive, Deterrent, Detective, Corrective, Compensating, Directive.

14 min

Categories say *how* a control is built. Types say *why* it exists.

The six control types

  • Preventive → stops an attack before it succeeds
  • Examples: MFA, firewalls, IPS, encryption, locked doors
  • Keywords: *prevent, block, deny, enforce, require, restrict*
  • Deterrent → discourages an attacker by raising perceived risk
  • Examples: warning signs, visible guards, security lighting
  • Keywords: *discourage, warning, visible, prosecution*
  • Detective → identifies or records malicious activity
  • Examples: IDS, SIEM alerts, audit logs, CCTV, FIM
  • Keywords: *detect, monitor, log, alert, review, audit*
  • Corrective → restores operations after an incident
  • Examples: restoring backups, applying patches, rebuilding machines, removing malware
  • Keywords: *restore, recover, remediate, repair, rebuild*
  • Compensating → an alternative when the ideal control isn't possible
  • Example: legacy app can't support MFA → use VPN + segmentation + monitoring
  • Keywords: *alternative, workaround, legacy, substitute*
  • Directive → guides user behavior through instruction
  • Examples: policies, standards, acceptable use policies, training
  • Keywords: *policy, procedure, standard, guideline, training*

Common exam traps

  • A CCTV cameraPhysical category, Detective type
  • A security guardOperational category, often a Deterrent
  • IDS = Detective (alerts only) vs IPS = Preventive (blocks)
  • Managerial = creating policies & risk assessments
  • Operational = executing backups, IR, training

Exam shortcut

  • Preventive = stop
  • Deterrent = discourage
  • Detective = discover
  • Corrective = recover
  • Compensating = alternative
  • Directive = instruct