Page 275 - CISSO_Prep_ Guide
  • Physical: CCTV.
• Corrective: remedy & restore controls
  • Administrative: termination.
  • Technical: unplug, isolate, and terminate the connection.
  • Physical: fire extinguisher.
• Compensating: alternative controls
  • Administrative: supervision, job rotation.
  • Technical: logging, keystroke monitoring.
  • Physical: layered defense.
  • Note: a compensating control is an alternative used when a primary control is unavailable, for example a procedure to check ID when a badge reader is malfunctioning. All of the compensating controls also belong to other categories.
• Recovery: restore to normal
  • Administrative: DR plan.
  • Technical: tape backups.
  • Physical: reconstruction, rebuild.
Types of Authentication
• Asynchronous token device:
  • Time is not an issue with asynchronous token devices. These steps can take moments or minutes/hours/days, etc.
    1. Request sent to authentication server along with user ID.