1. Directive Controls
   1. Generally administrative; more like guides and procedures.
   2. Established before a risk event occurs.
2. Corrective Controls
   1. Can be either a manual or automatic process to limit the impact of a risk event.
3. Preventive Controls
   1. Designed to proactively identify and mitigate potential threats and their probability of occurring.
4. Recovery Controls
   1. Return a system back to an acceptable state of operation.
   2. These controls are only relevant to a risk event after it has occurred.
5. Detective Controls
   1. Identifies when a risk event has occurred.
6. Deterrent Controls
   1. Meant to alter the risk-to-reward ratio for threat actors by advertising some or all consequences associated with damaging a system. This makes the risk higher than the reward, hopefully deterring threat actors.
7. Compensating Controls
   1. Either augments a primary control to achieve the required level of risk reduction/mitigation or is the fallback for the primary control in the case that the primary control fails.

ISO 27000 Series Standards: Total of 93 controls focused on four broad topics:

1. Organizational Controls = 37 controls
2. People Controls = 8 controls
3. Physical Controls = 14 controls
4. Technological Controls = 34 controls