Security control types and functions
After you determine a priority for each issue, check out the list of security controls and select the options that provide the most benefit for your system.
The most beneficial security controls are found across multiple STRIDE categories. In most cases, they're also relatively inexpensive to implement.
Security-control types
As you assess each security control, notice that it falls into one of the following types:
Type | Description |
---|---|
Physical | Controls that physically prevent or detect unauthorized access. Examples include gates, badges, cameras, lighting, and suppression systems. |
Technical | Controls that logically protect your system. Examples include firewalls, antivirus, access control lists, and encryption. |
Administrative | Controls referring to policies that define processes for your system. Examples include data classification, auditing, and restrictions. |
Note
Depending on your system, you should apply security controls across all types to help create layers for a more secure system.
Security-control functions
Along with the three main types, security controls also have five different functions to help you apply multiple layers of security.
Function | Description | Example |
---|---|---|
Preventative | Does this strategy help reduce the probability or impact of this threat? | Locks, firewalls, data classification |
Detective | Does this strategy help identify attacks against my system as they happen? | Surveillance, honeypots, audit logs |
Corrective | Does this strategy help control how I respond to an incoming attack? | Physical repair, system patches, incident response plans |
Recovery | Does this mitigation help my service recover from an attack? | Hot sites, system backups, disaster recovery plan |
Deterrent | Does this mitigation help keep attackers away from my system? | Fences, least privilege, authorized use policy |
Tip
Depending on issue priority, you may want to consider multiple security-control functions to secure your system before, during, and after a potential breach.
How it all comes together
Together with the security-control types, security-control functions create a matrix that helps you make the right selections. Here are a few examples:
Function | Physical | Logical | Administrative |
---|---|---|---|
Preventative | Locks | Firewalls | Data classification |
Detective | Surveillance | Honeypots | Audit logs |
Corrective | Physical repair | System patches | Incident response plans |
Recovery | Hot sites | System backups | Disaster recovery plan |
Deterrent | Fences | Least privilege | Authorized use policy |