Corrective Control

From The Secure Arc Wiki

Jump to: navigation, search
Go to Asset DefinitionGo to Asset ValueGo to ExposuresGo to ExposuresGo to ExposuresGo to ExposuresGo to ExposuresGo to ExposuresGo to Asset VulnerabilitiesGo to Asset ImpactGo to ThreatsGo to Deterrent ControlGo to Detective ControlGo to Preventative ControlYou Are HereGo to CountermeasuresGo to CountermeasuresGo to CountermeasuresGo to CountermeasuresGo to CountermeasuresGo to CountermeasuresGo to CountermeasuresBack up to Security Controls

Corrective Controls are only initiated as a result of a Detective Control identifying an active exploit of a Vulnerability and triggering it. As a result, Corrective Controls are all about reducing the Impact of the exploited Vulnerability rather than preventing them from happening in the first place.

The key point here is that the attack has already begun and all we can do is limit the severity of it.

Looking at the Impact assessment, it is entirely dependent on the number of Information Assets that are exposed. The dollar Impact itself is effectively a multiple of the quantity of Information Assets exposed and their inferred value. In practice we map the quantity to a dollar range, but the outcome is the same.

The goal of the Corrective Control, therefore, should be to reduce the quantity of Information Assets that are exposed. This will be entirely dependent on the nature of the Vulnerability, however something as simple as terminating the associated users session may be enough to limit the number of records they were able to steal or modify.

Up Next

As with all Countermeasures, the hard part is the assessment of the costs, and this one in particular will need to be taken into account alongside the Detective Controls that are required to trigger it.

Navigation

Personal tools