Types of security controls - AWS Prescriptive Guidance

Types of security controls

There are four main types of security controls:

  • Preventative controls – These controls are designed to prevent an event from occurring.

  • Proactive controls – These controls are designed to prevent the creation of noncompliant resources.

  • Detective controls – These controls are designed to detect, log, and alert after an event has occurred.

  • Responsive controls – These controls are designed to drive remediation of adverse events or deviations from your security baseline.

An effective security strategy includes all four types of security controls. While preventative controls are a first line of defense to help prevent unauthorized access or unwanted changes to your network, it is important to make sure that you establish detective and responsive controls so that you know when an event occurs and can take immediate and appropriate action to remediate it. Using proactive controls add another layer of security because it complements preventative controls, which are generally stricter in nature.

The following sections describe each type of control in more detail. They discuss the objectives, implementation process, use cases, technological considerations, and target outcomes of each control type.