Defense & Operations
Preventive Controls
Also known as: Preventative controls
Definition
Controls designed to stop a security event from occurring in the first place by removing the opportunity or capability to act.
Examples
- Enforcing FIDO2 phishing-resistant MFA on all administrative accounts.
- Network segmentation that prevents a compromised marketing laptop from reaching the payments environment.
Related terms
Security Controls
Safeguards or countermeasures — technical, administrative, or physical — used to prevent, detect, or respond to threats against information assets.
Detective Controls
Security measures designed to identify and alert on malicious activity, policy violations, or anomalies after they occur in an environment.
Corrective Controls
Security measures that act after an incident to limit damage, eradicate threats, and restore systems to a known-good state.
Compensating Controls
Compensating Controls — definition coming soon.
System Hardening
Reducing the attack surface of a system by removing unnecessary features, tightening configurations, and enforcing secure defaults.
Principle of Least Privilege
A security principle that grants every user, process, or service only the minimum privileges strictly required to perform its function — no more.