Page 71 - CISSO_Prep_ Guide
visible security camera, or a well-communicated disciplinary
policy.
Preventive Controls
Preventive controls are the next step in the control infrastructure.
Even if a person is not deterred from doing something wrong, a
preventive control will attempt to prohibit or prevent the improper
activity. Examples of preventive controls are a fence, a
lock, a password requirement, or a strictly enforced change
control procedure.
Reactive Controls
Despite the many attempts made to prevent an adverse event
from occurring, it is still necessary to be prepared for intentional,
accidental, or circumstantial events. This is where reactive
controls such as detective, corrective, recovery, and
compensating controls are used.
Detective Controls
A detective control is one that "detects" or notices an event with the
intent to alert the organization and allow an adequate response.
Examples of detective controls are an Intrusion Detection System
(IDS), a smoke detector (fire alarm), or a regular balancing of
output and input transactions.
Corrective Controls
A corrective control is a control that attempts to "correct" or
respond to an incident with the intent to regain control of the event