Types of Security Controls
Intellectual Point. (2025, April 28). Security controls explained: Preventive, detective & corrective cybersecurity strategies [Video]. YouTube. https://youtu.be/6W6XDxgvEto
This video is meant to be a large overview of the next few lessons. This video is optional.
Overview of Security Controls
- Preventive Controls
  - Aim to prevent security incidents.
- Detective Controls
  - Identify and detect security incidents.
- Corrective Controls
  - Respond to and recover from security incidents.
- Administrative/Operational Controls
- Physical Controls
- Technical Controls
Local Government Association. (2024, November 4). What are cyber security controls? [Video]. YouTube. https://youtu.be/aM0uXIouo6s
Preventive Controls
Measures taken to prevent security incidents. Examples:
Detective Controls
Measures that detect or identify security incidents. Examples:
- Intrusion Detection Systems (IDS)
IT Encyclopedia. (2024, March 17). What is an Intrusion Detection System (IDS)? [Video]. YouTube. https://youtu.be/l-yLEb-MweE
Corrective Controls
Measures taken to respond to and mitigate the effects of a security incident. Examples:
University of Southern California. (2019, February). IT disaster recovery plan [Template]. https://customsitesmedia.usc.edu/wp-content/uploads/sites/532/2019/02/21035639/Disaster-Recovery-Plan-Template.pdf
A table of contents from USC's Disaster Recovery Plan
Security Controls – Knowledge Check
Administrative/Operational Controls
Policies and procedures implemented by management to guide the organization in secure practices and day-to-day operations. Examples:
- Incident response procedures
Click here to see an example of the security policies and procedures of the University of Pennsylvania.
Physical Controls
Measures taken to protect physical access to systems and facilities. Examples:
Technical Controls
Security measures implemented through technology. Examples:
- Multi-factor authentication
IT Encyclopedia. (2024, March 17). What is Two-factor Authentication? [Video]. YouTube. https://youtu.be/wbXtrUoS-Uw
Security Controls II – Knowledge Check
The Principle of Defense in Depth
A layered security strategy that combines multiple types of controls.
- Layers preventive, detective, and corrective controls to provide comprehensive security.
1. Policies, Procedures, and Awareness. Examples: Passwords, policies, and data classification
2. Physical. Examples: Locks, fences, and security guards
3. Perimeter. Examples: Firewall, VPN, and packet filters
4. Internal Network. Examples: Firewall, intrusion detection, and encryption
5. Host. Examples: Platform OS, patches, and malware protection
6. Application (App). Examples: Locks, fences, and security guards
7. Data. Examples: Database, content, and message activity
The Three Main Types of Controls
- Physical Controls: Tangible mechanisms such as doors, cameras, fences, and security guards that prevent physical access to facilities and assets [00:30].
- Technical Controls: Technology-based solutions used to manage risk, such as installing firewalls to block unauthorized network traffic [00:52].
- Administrative Controls: Policies, procedures, and guidelines that define business practices. This includes employee training, recruitment strategies, and termination protocols [01:00].
Functional Categories
The video further categorizes these controls based on their specific function:
- Preventative: Intended to stop unauthorized activities before they happen (e.g., fences or firewalls) [01:40].
- Detective: Designed to identify and alert personnel to unauthorized activity while it is occurring or after the fact (e.g., alarms or regular data backups) [01:59].
- Corrective: Actions taken to repair damage and restore systems to their original state after an incident (e.g., implementing an incident response plan or applying software patches) [02:18].
Strategic Implementation
The video concludes by emphasizing the importance of risk assessment and management processes. These help organizations balance the need for robust security controls with available resources and the potential impact of cyber threats [02:48].
- [00:00:00]: Introduction and definition of an Intrusion Detection System (IDS).
- [00:00:11]: Explanation of how IDS is used to detect unauthorized access and anomalies.
- [00:00:20]: Listing of popular IDS examples like AIDE and Zeek.
- [00:00:30]: Description of the monitoring and alerting process.
- [00:00:40]: Discussion on the limitations of an IDS regarding active protection.
- [00:00:50]: Closing remarks and call to action.
- [00:00]: Introduction and formal definition of 2FA.
- [00:11]: Explanation of the "extra layer" of security and the three common types of identification factors.
- [00:23]: Practical example of combining a password with a mobile device.
- [00:33]: Conclusion and information about further resources.
For closed captioning or timestamps, please go to YouTube.
Module 3 Lesson 1: Types of Security Controls
Teaching and Learning
Created on March 26, 2026