Controls and Protections
To protect hardware, software and media resources from:
– Threats in an operating environment
– Internal or external intruders
– Operators who are inappropriately accessing resources
Categories of Controls:
– Preventative Controls: Are designed to lower the amount and impact of unintentional errors that are entering the system and to prevent unauthorized intruder from internally or externally accessing the system.
– Detective Controls: Are used to detect an error once it has occurred.
– Corrective Controls / Recovery Controls: Are implemented to mitigate the impact of a loss event through data recovery procedures.
– Deterrent Controls / Directive Controls: Are used to encourage compliance with external controls.
– Application Controls: Are the controls that are designed into a software application to minimize and detect the software’s operational irregularities.
– Transaction Controls: Are used to provide control over the various stages of a transaction. Types of controls are: Input, processing, output, change and test controls.