# Security Control Types

Backlink: [[Domain 1 - Index]]

**Definition:** Categories describing a control’s purpose (preventive, detective, corrective, deterrent, compensating) and nature (administrative, technical, physical).

## Key Facts

- Preventive: stop incidents before they occur (ACLs, MFA, training).
- Detective: discover events that have occurred (SIEM alerts, IDS, logs).
- Corrective: restore a known-good state (patching, backups, reimaging).
- Deterrent: discourage would-be violators (cameras, banners, legal notices).
- Compensating: an alternative control that meets the intent of the primary control when the primary is not feasible.
- Administrative vs. technical vs. physical distinctions.
- **Verify:** check the official (ISC)² CBK and the current exam outline.

>[!tip] **Exam Relevance**
>- Classify a control quickly
>- Choose the compensating control that meets the intent of the primary control

>[!note] **Mnemonic**
>- “P D C D C” (Prevent, Detect, Correct, Deter, Compensate).

### Example

Q: A security banner is what type of control?
A: Deterrent (administrative).

## Revision Checklist

- [ ] List 5 purpose types
- [ ] Match 3 examples each
- [ ] Distinguish admin/tech/physical
- [ ] Define compensating criteria

## Related

[[CIA Triad]] · [[Risk Response Strategies]] · [[Control Frameworks (ISO/IEC 27001, NIST, COBIT)]] · [[Security Metrics, KPIs, and KRIs]] · [[Incident Response Lifecycle]]

#cisSP #domain-1 #concept