BCS CISMP-V9 Exam - Topic 3 Question 109 Discussion

Security controls are measures taken to safeguard an information system from attacks or to mitigate the impact of a breach. They are commonly classified into three main categories: preventive, detective, and corrective. Preventive controls aim to prevent incidents before they occur, detective controls are designed to discover and detect security events, and corrective controls are intended to restore systems to normal operation after an incident. The term ''nominative'' is not recognized as a standard classification of security controls within the principles of information security management.Instead, the accepted classifications align with the objectives of protecting the confidentiality, integrity, and availability of information.Reference: The BCS Foundation Certificate in Information Security Management Principles outlines the categorization, operation, and effectiveness of controls of different types and characteristics, which does not include ''nominative'' as a classification1.