Administrative
Technical/Logical
Physical
A deterrent control does not prevent a person from gaining access.
This type of control is used to deter or discourage someone from doing something bad.
An example of a deterrent control is a Warning sign.
A preventative control is designed to prevent unauthorized persons from gaining access.
Examples of preventative controls are: physical locks, security guards, etc.
Detective security controls may not actually prevent an unauthorized person from accessing a resource.
This security control can be used to identity a threat or unauthorized person.
An example of a detective security control is a motion sensor within a secure area in a building.
Corrective security controls are used to fix or mitigate a threat from a system.
An example of a corrective security control is a firewall to prevent malicious traffic from entering your network.
A compensating control does not prevent an attack on the system or network.
Compensating controls are used help restore a system back to a work state if a security incident has occurred.
Technical security controls are electronic and digital systems that are implemented with other systems.
Administrative security controls are the policies implemented by an organization which are used to control how an employee behaves.
Administrative security controls can be IT security policies, HR policies and even standard operating procedures.
Physical security controls are physical objects such as fences, doors and locks which are used to secure a physical site.