Page 954 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide

and incident investigations.

Corrective Access Control A corrective control modifies the
environment to return systems to normal after an unwanted or
unauthorized activity has occurred. Corrective controls attempt to
correct any problems that occurred because of a security incident.
Corrective controls can be simple, such as terminating malicious
activity or rebooting a system. They also include antivirus solutions
that can remove or quarantine a virus, backup and restore plans to
ensure that lost data can be restored, and active intrusion detection
systems that can modify the environment to stop an attack in progress.



Chapter 16, “Managing Security Operations,” covers intrusion
detection systems and intrusion prevention systems in more depth.



Deterrent Access Control A deterrent access control attempts to
discourage security policy violations. Deterrent and preventive
controls are similar, but deterrent controls often depend on
individuals deciding not to take an unwanted action. In contrast, a
preventive control blocks the action. Some examples include policies,
security awareness training, locks, fences, security badges, guards,
mantraps, and security cameras.

Recovery Access Control A recovery access control attempts to
repair or restore resources, functions, and capabilities after a security
policy violation. Recovery controls are an extension of corrective
controls but have more advanced or complex abilities. Examples of
recovery access controls include backups and restores, fault-tolerant
drive systems, system imaging, server clustering, antivirus software,
and database or virtual machine shadowing.

Directive Access Control A directive access control attempts to
direct, confine, or control the actions of subjects to force or encourage
compliance with security policies. Examples of directive access
controls include security policy requirements or criteria, posted
notifications, escape route exit signs, monitoring, supervision, and