- Tony Stiles
- Jun 20, 2024
- 2 min read
Compare and Contrast Various Types of Controls
Controls are measures or safeguards put in place to reduce risk and to ensure compliance with policies, procedures, laws, and regulations.
Category
Controls fall into the following categories:
Managerial controls: These controls are administrative or policy-based controls that define the framework within which other controls operate. They are designed to ensure that the organization's policies, procedures, and guidelines are communicated, enforced, and monitored. Examples of managerial controls include policies, standards, procedures, guidelines, risk assessments, and compliance audits.
Operational controls: These controls are process-oriented controls that ensure that business operations are conducted efficiently and effectively. They are designed to ensure that tasks are performed in accordance with policies, procedures, and guidelines. Examples of operational controls include segregation of duties, background checks, training, quality assurance, and change management.
Technical controls: These controls are technology-based controls that use software, hardware, and other technology to protect information assets. They are designed to protect the confidentiality, integrity, and availability of information and systems. Examples of technical controls include access controls, firewalls, encryption, intrusion detection and prevention systems, antivirus software, and backup and recovery systems.
Control Type
When considering their purpose, the following control types can be identified:
Preventive controls aim to stop an incident or a violation from occurring by blocking unauthorized access or actions. Examples include access controls, authentication mechanisms, encryption, firewalls, and security awareness training.
Detective controls aim to detect incidents that have occurred or violations of policies and regulations. Examples include intrusion detection systems, security cameras, audit trails, and log analysis.
Corrective controls aim to mitigate the impact of an incident that has occurred or a violation that has been detected. Examples include incident response processes, disaster recovery plans, backup and recovery solutions, and vulnerability management.
Deterrent controls aim to discourage individuals from engaging in activities that are against policies or regulations. Examples include security awareness training, policies and procedures, warning banners, and legal consequences.
Compensating controls aim to provide an alternative control mechanism in situations where other controls are not feasible or practical. Examples include security guards, background checks, and job rotation.
Physical controls aim to prevent unauthorized physical access to an organization's resources. Examples include locks, security cameras, fences, biometric authentication, and environmental controls like fire suppression systems and temperature control.