Security controls are classified by the point in the threat lifecycle at which they act. A swipe card system physically blocks entry to a restricted area unless the presenter holds valid, authorized credentials; the control acts before an unauthorized event occurs, stopping the access attempt outright, which is the defining characteristic of a preventive control. A deterrent control (A) works psychologically, discouraging an attempt through visible consequence or risk (a warning sign or visible camera housing) without physically stopping access, so it is a weaker classification for a badge-reader-controlled door than preventive. A detective control (D) identifies that an event has already happened, such as a log showing a failed badge swipe or an alarm triggered after entry, but does not itself stop the entry. A corrective control (C) acts after an incident to restore normal operations or limit damage, such as revoking a compromised badge or resetting a lock. Because the swipe card system's core function is to block unauthorized physical access before it happens, it is correctly categorized as a preventive control within the standard deterrent-preventive-detective-corrective framework used in data protection security management.
Reference topic: Securing the Data Protection Environment - Physical Security Controls.
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit