ELI5: What are Preventive, Detective, and Corrective Controls?
A lock on the door stops bad stuff before it happens (preventive). A smoke detector tells you something bad is happening right now (detective). A fire extinguisher fixes the problem after it starts (corrective). Good security uses all three.
Definition
Security controls are classified by the timing of their effect relative to a security incident. Preventive controls stop incidents before they occur. Detective controls identify when incidents are occurring or have occurred. Corrective controls restore systems and minimize damage after an incident. Understanding these categories helps security professionals design comprehensive control frameworks that address all phases of the security lifecycle.
Key Details
- Preventive controls: Stop attacks before they succeed. Examples: firewall rules, access controls, encryption, security awareness training, MFA.
- Detective controls: Identify attacks in progress or after the fact. Examples: IDS, SIEM, audit logs, security cameras, file integrity monitoring.
- Corrective controls: Restore normal operations after an incident. Examples: backups and recovery, incident response procedures, patch management, antivirus remediation.
- Deterrent controls: Discourage attacks without physically preventing them. Examples: warning banners, security guards, policy statements.
- Most security frameworks layer all three types—prevention alone is insufficient.
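The three control types are easiest to see when they act on the same incident. The following Python sketch is an added example, not part of the original note: it models a tiny document store with an allow-list (preventive), hash-based file integrity monitoring plus an audit log (detective), and restore-from-snapshot (corrective). All names (DocumentStore, ALLOWED_WRITERS, run_scenario) and the sample file contents are constructed for illustration. The scenario blocks an unauthorized write, then simulates the preventive control being bypassed so that the detective and corrective controls have to do their jobs.

```python
import copy
import hashlib

# Preventive control: only these users may write (constructed allow-list).
ALLOWED_WRITERS = {"alice"}


class DocumentStore:
    """Toy store holding file contents in memory (hypothetical, for illustration)."""

    def __init__(self, files):
        self.files = dict(files)
        self.audit_log = []                        # detective: record every decision
        self.backup = copy.deepcopy(self.files)    # corrective: last known-good snapshot
        self.baseline = self._hashes()             # detective: FIM baseline hashes

    def _hashes(self):
        return {name: hashlib.sha256(data.encode()).hexdigest()
                for name, data in self.files.items()}

    def write(self, user, name, data):
        """Preventive: refuse writes from users outside the allow-list."""
        if user not in ALLOWED_WRITERS:
            self.audit_log.append(("DENY", user, name))
            return False
        self.files[name] = data
        self.audit_log.append(("WRITE", user, name))
        # An authorized change becomes the new baseline and the new backup.
        self.baseline = self._hashes()
        self.backup = copy.deepcopy(self.files)
        return True

    def integrity_check(self):
        """Detective: return names of files whose hash differs from the baseline."""
        current = self._hashes()
        changed = sorted(n for n in set(self.baseline) | set(current)
                         if current.get(n) != self.baseline.get(n))
        for n in changed:
            self.audit_log.append(("ALERT", "fim", n))
        return changed

    def restore(self, names):
        """Corrective: put listed files back from the known-good snapshot."""
        for n in names:
            if n in self.backup:
                self.files[n] = self.backup[n]
            else:
                self.files.pop(n, None)   # file was not in the snapshot: remove it
        self.audit_log.append(("RESTORE", "system", tuple(names)))
        return self.integrity_check()     # expected to be empty after restore


def run_scenario():
    """Walk one incident through all three control types."""
    store = DocumentStore({"config.txt": "debug=false"})   # constructed sample file

    # 1. Preventive: an unauthorized user is stopped before anything changes.
    blocked = not store.write("mallory", "config.txt", "debug=true")

    # 2. Simulate a bypass of the preventive layer (e.g. tampering below the
    #    application), which is exactly why prevention alone is insufficient.
    store.files["config.txt"] = "debug=true"

    # 3. Detective: the integrity check notices the drift from the baseline.
    detected = store.integrity_check()

    # 4. Corrective: restore from the snapshot and confirm the store is clean again.
    after_restore = store.restore(detected)

    return {
        "blocked": blocked,
        "detected": detected,
        "after_restore": after_restore,
        "content": store.files["config.txt"],
        "log": store.audit_log,
    }


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(f"{key}: {value}")
```

Running the scenario shows the layering the note describes: the allow-list denies the first write, the integrity check flags the tampered file once prevention has been bypassed, and the restore returns the file to its baseline with the whole sequence preserved in the audit log.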
Connections
- Parent: defense-in-depth — control timing categories within a layered defense strategy
- See also: administrative-controls, technical-controls