- Preventive Controls: are controls which are designed to prevent an error, omission or malicious act occurring.
Restrict unauthorized entry into the premises.
- Build a gate and post a security guard.
- Use access control software, smart card, biometrics, etc.
Restricted unauthorized entry into the software applications.
- Keep the computer in a secured location and allow only authorized person to use the applications.
- Use access control, viz. User ID, password, smart card, etc.
- Corrective Controls: are designed to reduce the impact or correct an error once it has been detected.
- Detective Control: are designed to detect errors, omissions or malicious acts that had occurred and report the occurrence.
Characteristics
- Clear understanding of legitimate activities so that anything which deviates from these is reported as malicious, etc.
- Interaction with the preventive control to prevent such acts from occurring
- Surprise checks by supervisor
- Minimize the impact of the threat.
- Rectify the problem
Modify the processing systems to minimize future occurrences of the problem