Controls and countermeasures are typically identified as one of the following three types: preventive, detective, or corrective. A preventive control attempts to prevent losses before they occur, a detective control detects violations, and a corrective control attempts to reverse the impact from a security incident.
Losses to availability, integrity, or confidentiality (AIC) can impact the organization’s mission. Figure 9-3 emphasizes that controls attempt to prevent, detect, and correct losses to any of these elements of the security triad.
Figure 9-3 Controls prevent, detect, and/or correct losses to AIC
Some controls combine all three objectives. For example, AV software running at the boundary or on an e-mail server can strip off malicious attachments to prevent them from reaching the user. AV software running on a user’s system can detect malware, such as when a user inserts an infected USB flash drive into a system. This AV software can also correct the problem by removing the malware from the infected USB flash drive.