Content deleted Content added
Add appropriate reference to Preventative Control citing the Zero Trust CloudSec AccuKnox blog. Tags: Reverted Visual edit |
Rv promotional link./Undid revision 1161045636 by HighnessAtharva (talk) |
||
Line 24:
;Preventive controls
:The main objective of preventive controls is to strengthen the system against incidents, generally by reducing if not actually eliminating vulnerabilities, as well as preventing unauthorized intruders from accessing or entering the system.<ref>Virtue, T., & Rainey, J. (2015). Preventative Control - an overview | ScienceDirect Topics. Retrieved October 13, 2021, from <nowiki>https://www.sciencedirect.com/topics/computer-science/preventative-control</nowiki></ref> This could be achieved by either ''adding'' software or feature implementations (such as firewall protection, endpoint protection, and multi-factor authentication), or ''removing'' unneeded functionalities so that the attack surface is minimized (as in [[unikernel]] applications). Additionally, educating individuals through security awareness training and exercises is included in such controls due to the human error being the weakest point of security. Strong authentication of cloud users, for instance, makes it less likely that unauthorized users can access cloud systems, and more likely that cloud users are positively identified. All in all, preventative controls affect the likelihood of a loss event occurring and are intended to prevent or eliminate the systems’ exposure to malicious action.
;Detective controls
| |||