Protection of Information Assets

Temple University

MIS 5206.001 ■ Fall 2023 ■ David Lanter

Question 1

August 29, 2023 by David Lanter 12 Comments

What are 3 types of risk mitigating controls? Which is the most important?  Why is it the most important?

Filed Under: Unit 02: Data Classification Process and Models

Comments

  1. Nicholas Nirenberg says

    September 3, 2023 at 1:04 pm

    Three types of risk mitigating controls include preventive controls, corrective controls, and detective controls. Preventive controls aim to mitigate risk by preventing security threats from occurring, corrective controls try to mitigate risk by correcting errors or vulnerabilities as they are detected, and lastly detective controls attempt to detect risks before they are actualized to mitigate the potential for an unseen threat to cause a security threat. I believe that preventative controls are the most important because while detective and corrective controls are important risk mitigating controls, they both need a risk to already be present to control them. For example, detective control is not very useful on its own and needs a risk to already be present, and corrective controls correct an existing risk; only preventative mitigation controls attempt to reduce the probability of a risk.
    • Jon Stillwagon says

      September 5, 2023 at 10:13 pm

      Hello Nicholas, I see your point about preventive controls and how important they are. It can reduce or completely eliminate the risk entirely. It would make sense for a company to be more proactive than reactive if such a risk were to happen. It could avoid any potential dangers or loss for the company if that were to happen.

  2. Celinemary Turner says

    September 3, 2023 at 9:12 pm

    Risk mitigating controls are measures or strategies implemented by organizations to reduce the likelihood or impact of various risks. The importance of a specific control can vary depending on the context and the nature of the risks an organization faces. Here are three types of risk mitigating controls: preventive control, detective control, and corrective control.
    Preventative controls aim to stop a potential risk from occurring. Preventative controls proactively reduce the likelihood of an incident occurring. For example, by restricting access, implementing security policies, and encrypting data, organizations can prevent unauthorized access and minimize the potential for breaches or attacks. Detective controls are designed to identify and detect risks or incidents that have already occurred. Detective controls are crucial for promptly identifying and responding to security breaches or incidents. They help organizations detect and mitigate the impact in a timely manner, reducing the damage and potential losses. Corrective controls are implemented after a risk or incident has been detected to minimize the impact and prevent a recurrence. Examples include incident response plans, data recovery processes, and vulnerability patching. Corrective controls are important because they help organizations recover from an incident, mitigate its impact, and address the root cause to prevent future occurrences. Preventive control is typically considered the most important for these reasons: they proactively reduce the likelihood of incidents, preventing them from occurring in the first place. Preventative measures create a strong foundation for security and can significantly reduce the overall risk exposure. By preventing risks from happening in the first place, organizations can avoid the potential damage, costs, and disruptions associated with risk events.
  3. Jon Stillwagon says

    September 5, 2023 at 9:18 pm

    1. The three types of risk-mitigating controls are Preventive, Detective, and Corrective controls. The most important control would have to be the corrective control because the company or organization can only do so much when putting preventive controls in place; it’s still possible for the bad guys to get in. Detective controls are important because you have to find where the leak is coming from, but it is corrective controls that are the most important. If all else fails, you at least have a plan in place to get all your information back and it wouldn’t be totally lost. The company could prevent and detect all they want but the last line of defense would be the corrective controls to make sure the information you have doesn’t get out or leaked.
  4. Eyup Aslanbay says

    September 6, 2023 at 9:15 am

    Dean’s laptop may be the most important device for him. He may have highly important and proprietary information on his laptop. But not just his information, also student and employee information like social security numbers, credit card numbers, and confidential information about the college.
    • Eyup Aslanbay says

      September 6, 2023 at 10:19 pm

      Ignore it please. It was an accident.
  5. Ooreofeoluwa Koyejo says

    September 6, 2023 at 9:14 pm

    Risk mitigating controls are broadly classified into:
    1. Preventive/Proactive controls: which are implemented to avoid/address possible risk areas before they occur.
    2. Detective controls: which are used to identify and pick up risks as they occur.
    3. Corrective controls: which are used to address risks that have been successful in order to restore and recover.
    Complementary to these 3 risk-mitigating controls are the Compensating Controls, which are used to supplement controls implemented which might not be sufficient to completely address the risks identified.

    I would not necessarily rate one of these as the most important but would argue that the application of the controls is dependent on the context of the organisation, risk appetite and organizational goals. To achieve the best value from the implementation of these controls, it is necessary to juxtapose them and apply them accordingly.

  6. Bo Wang says

    September 10, 2023 at 3:31 pm

    There are three types of risk-mitigating controls, Preventive control, Detective controls and Corrective controls. I think preventive control is the most important because it can avoid or reduce losses.

  7. Yannick Rugamba says

    September 10, 2023 at 5:03 pm

    There are three types of risk mitigating controls mentioned in the given document: detective controls, corrective controls, and preventive controls.

    Detective controls include network and information access monitoring, intrusion detection (host-based or network-based), and manual or automated review of security logs. These controls help in identifying and detecting any potential security breaches or unauthorized access to information systems.

    Corrective controls involve recovery plans for handling isolated information safeguard failure incidents and business continuity plans. These controls help in addressing and resolving security incidents and ensuring the continuity of business operations.

    Preventive controls include the use of encryption, information integrity measures, security configuration, media reuse, antivirus software, and physical protection. These controls aim to prevent security breaches and unauthorized access by implementing measures to protect information systems and infrastructure.

  8. Edge Kroll says

    September 10, 2023 at 8:01 pm

    The three types of risk-mitigating controls are corrective, preventative, and detective respectively. They are all exactly as they sound. Detective controls are used to identify threats before the risk can occur. Preventative controls are used to prevent security breaches and other similar threats, while corrective controls are focused on a business’s recovery in the event of an incident. In my personal opinion, corrective controls are the most important type, as risks are inevitable. It is incredibly important that a business is prepared to deal with them in a fast and efficient manner in order to ensure that operations are not halted.
  9. Eyup Aslanbay says

    September 11, 2023 at 8:15 pm

    Risk mitigating controls are measures taken to manage and reduce potential adverse impacts on organizations or projects. While there are many ways to categorize these controls, three common types include: Preventive Controls, Detective Controls, Corrective Controls. Which one is the most important? It depends on the specific context and the nature of the risk being addressed. For some scenarios, prevention is the best approach, while in others, swift detection and correction may be more critical. But my personal opinion is corrective control because it helps to correct or minimize the impact of a problem.

  10. Hashem Alsharif says

    December 9, 2023 at 1:16 pm

    Going off of the three types of risk mitigating controls, you have corrective, preventive, and detective. All three are important; however, I believe the most important one is detective risk mitigating controls. While preventive controls have their benefit because they prevent a risk from starting, and corrective risks help mitigate the impact of a risk that happened, detective risks help locate the risk while it’s starting, but not while it actually happened. One thing to note is this could also vary depending on the type of company. For some companies, they may find that preventive controls are the best for them. However, as a whole, I think detection controls are the best since they don’t operate on hypotheticals, nor do they operate under the premise that the damage has already been done. This is why audits are so appreciated in the IT world today because while audits also go into detail about preventative control, another key area they focus on is detecting risks that are already present.
