Auditing

Types of Controls

  • Detective

  • Preventative

  • Corrective

  • Compensating

Detective Control - Controls that alert employees to an action, e.g., log monitoring with alerts, Data Leak Prevention, or an Intrusion Detection System.

Preventative Control - Controls used to help prevent certain events from occurring. For example, a signature is required before an employee spends over 2,000.00 dollars on a service or equipment.

Corrective Control - Controls that take corrective action based upon an event that occurred. For example, the DevOps team developed a script to spin up in a new region if their current region goes down.

Compensating Control

A compensating control is an alternative control used when a process or technology is deficient and remediating it directly would require enormous changes or would be very costly for the organization.

Oftentimes, compensating controls are used more to assist information systems and IT processes than business processes. It's important to understand what controls are and the different types that can be implemented.

Oftentimes, technologies such as anti-malware will encompass all three control types, especially newer systems such as Carbon Black and CrowdStrike that have a machine learning backend.
