Vulnarex | Elite Cybersecurity Learning Platform

#Selecting the Right Security Controls#link

Security control selection is the process of choosing appropriate safeguards to reduce risk to an acceptable level. Controls are selected based on the risk assessment results, compliance requirements, and cost-benefit analysis.

Control Categories

▪Preventive controls — stop threats before they materialize (firewalls, access controls, encryption).
▪Detective controls — identify threats that have occurred (IDS, audit logs, SIEM).
▪Corrective controls — limit damage and restore systems after an incident (backups, incident response plans).
▪Compensating controls — alternative measures when primary controls cannot be implemented.

Matching Controls to Risks

Every control must map to a specific threat or vulnerability identified during risk assessment. Applying controls without a risk basis wastes resources and may create a false sense of security.

callout

Always document the rationale for selecting or rejecting a control. Auditors and stakeholders will ask why certain risks were accepted without technical countermeasures.

quiz BLOCK (★ 50 XP)

A company cannot afford a full IDS solution. They instead schedule weekly log reviews. What type of control is the log review acting as?

Select your proof vectors above

Security Control Selection

#Selecting the Right Security Controls#link

Control Categories

Matching Controls to Risks

A company cannot afford a full IDS solution. They instead schedule weekly log reviews. What type of control is the log review acting as?

Verification Proof Checkpoint