Prevention, Detection, Correction, Compensation, or Deterrence? Which one is what?
- parya hajimirzae
- Sep 12, 2024
Cybersecurity can be confusing, especially when terms like prevention, detection, deterrence, correction, and compensation are thrown around and you're unsure what each means. This post explains them in simple terms so you can understand how they help keep systems secure.
Prevention: Prevention involves putting controls in place that make it difficult or impossible for an attack to succeed. These proactive measures stop attacks before they happen. It’s like locking all doors and windows in your house to keep intruders out.
Examples:
Firewalls: Block unauthorised access to a network.
Encryption: Secures data so unauthorised individuals can't read it.
Access Controls: Use of passwords, multi-factor authentication (MFA), and biometrics to limit who can enter a system or access specific data.
Patching & Updates: Regularly updating software to close security vulnerabilities.
Antivirus Software: Prevents malware from entering the system.
Detection: Detection involves monitoring systems to identify potential threats or attacks that have bypassed preventive measures. It’s like having security cameras in your house to spot intruders if they manage to get inside.
Examples:
Intrusion Detection Systems (IDS): Monitor network traffic for suspicious activity.
Log Analysis: Reviews system logs to detect unusual behaviour.
Security Information and Event Management (SIEM): Collects and analyses security data to spot threats.
Antivirus Scans: Identify malware and alert users to it.
Deterrence: Deterrence involves measures that discourage attackers from trying to breach security by making it clear that they will face consequences. It relies on visible security measures or legal frameworks that make attackers think twice before proceeding. It’s like placing security signs around your house to warn potential intruders.
Examples:
Security Awareness Training: Educates employees on recognising and avoiding phishing attacks.
Legal Penalties: Threats of lawsuits or fines for attackers.
Visible Security Systems: Cameras and alarms that show security is in place.
Correction: Correction involves taking action to fix the issue after an attack or security breach occurs. Once a breach or attack is identified, this means removing the threat, fixing vulnerabilities, and restoring affected systems. It’s like fixing a broken window after a break-in to restore security to your home.
Examples:
Restoring Backups: Reverts systems to their state before the attack.
Reconfiguring Systems: Adjusts security settings to close vulnerabilities.
Patch Management: Fixes software bugs that attackers exploit.
Malware Removal: Cleans up infected systems.
Compensation: Compensation involves backup measures that minimise the damage if primary controls fail. When a primary security control either fails or is bypassed, compensation ensures that there are other mechanisms in place to protect assets. It's like having insurance that helps cover the loss after a burglary.
Examples:
Redundant Servers: Backup servers that take over if the main one is compromised.
Disaster Recovery Plans: Ensure operations can continue after a security event.
Data Encryption: Protects sensitive data in case it's stolen.



