Comparing Detection and Prevention Security Controls
It worth stressing the differences between detection and prevention security controls. A detective control can’t predict when an incident will occur and it can’t prevent it. In contrast, prevention security controls stop the incident from occurring at all. Consider cameras and guards.
- Video surveillance. A simple camera without recording capabilities can prevent incidents because it acts as a deterrent. Compare this to a CCTV system with recording abilities. It includes cameras, which can deter and prevent incidents but the full system is also a detection control because of the recording capabilities. Security professionals can review the recordings to detect incidents after they’ve occurred.
- Guards. Guards are primarily prevention security controls. They will deter many incidents just by their presence. If attackers try to circumvent a security system, such as trying to sneak into a secured area, guards can intervene and stop them.
Corrective Security Controls
Corrective controls attempt to reverse the impact of an incident or problem after it has occurred. Some examples of corrective controls are:
- Active IDS. Active intrusion detection systems (IDSs) attempt to detect attacks and then modify the environment to block the attack from continuing.
- Backups and system recovery. Backups ensure that personnel can recover data if it is lost or corrupted. Similarly, system recovery procedures ensure administrators can recover a system after a failure.
Deterrent Security Controls
Deterrent controls attempt to discourage a threat. Some deterrent controls attempt to discourage potential attackers from attacking, and others attempt to discourage employees from violating a security policy.
You can often describe many deterrent controls as preventive controls. For example, you can have a security guard control access to a restricted area of your building. This guard will deter most people from trying to sneak in. This deterrence prevents security incidents related to unauthorized access. Similarly, a social engineer might try to trick a building receptionist but if you require visitors to go through the security guard first, it will deter many social engineers and prevent unauthorized entry.
The following list identifies some physical security controls used to deter threats:
- Cable locks. Securing laptops to furniture with a cable lock deters thieves from stealing the laptops. Thieves can’t easily steal a laptop secured this way. If they try to remove the lock, they destroy the laptop. Admittedly, a thief could cut the cable with a large cable cutter. However, someone walking around with a four-foot cable cutter looks suspicious.
- Hardware locks. Other locks such as locked doors securing a wiring closet or a server room also deter attacks. Many server bay cabinets also include locking cabinet doors.
Compensating Security Controls
Compensating controls are alternative controls used instead of a primary control. As an example, an organization might require smart cards as part of a multi-factor authentication solution. However, it might take time for new employees to receive their smart card. To allow new employees to access the network and still maintain a high level of security, the organization might choose to implement a Time-based One-Time Password (TOTP) as a compensating control. The compensating control still provides multi-factor authentication.
Next page …. Previous page
Page 2 Security Control Goals continued (this page)