Access control is any hardware, software, or administrative policy or procedure that controls access to assets.

The goal is to only allow access to authorized subjects.

Subject

An active entity that tries to access assets. Examples: users, programs, processes, services, etc.

Object

A passive entity that holds or provides information to active subjects. Examples: databases, services, printers, programs, files, etc. The role depends on the access: a process reading a file is the subject, while the same process is an object when another process queries it.

Managing what subjects are allowed to do to objects is known as access control.

Primary Types of Access Control

Preventive

Stops unwanted or unauthorized activity before it occurs.

Detective

Attempts to discover or detect whether unauthorized activity has happened. It cannot stop the access itself; it only reveals it afterwards.

Corrective

Modifies the environment to return it to normal after an unwanted or unauthorized activity has occurred, and attempts to correct the issue that led to it.


Examples

Preventive:

Fences, locks, alarm systems (that lock everything down), auditing, encryption, security policies, CCTV, penetration testing, etc.

Detective:

Security guards, motion detectors, audit trails, violation reports, supervision and review of users.

Corrective:

Rebooting a system, antivirus that quarantines and removes a virus, backup and restore plans. Note that one mechanism can fall under more than one type depending on how it is used: CCTV is preventive while it visibly watches an area, and detective once its recordings are reviewed after an incident.
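The three types in working code, as an added example that is not part of these notes: a small reference monitor mediates every subject-to-object access (preventive), a scan of the audit trail finds subjects with repeated denials (detective), and a lockout returns the system to a known state (corrective). The subject names, object names, the ACL and the denial threshold are constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample policy: objects (passive entities) mapped to the
# subjects (active entities) that may act on them and the actions allowed.
ACL = {
    "payroll.db": {"alice": {"read", "write"}, "payroll-svc": {"read"}},
    "printer-1": {"alice": {"print"}, "bob": {"print"}},
    "backup.tar": {"backup-svc": {"read", "write"}},
}


@dataclass
class ReferenceMonitor:
    acl: dict
    audit_log: list = field(default_factory=list)   # detective data source
    locked_out: set = field(default_factory=set)    # state changed by correction

    def authorize(self, subject, action, obj):
        """Preventive control: every access is checked before it happens,
        and anything not explicitly granted is denied (default deny)."""
        if subject in self.locked_out:
            allowed = False
        else:
            allowed = action in self.acl.get(obj, {}).get(subject, set())
        # Record the decision either way; the audit trail is what the
        # detective control later examines.
        self.audit_log.append((subject, action, obj, "ALLOW" if allowed else "DENY"))
        return allowed


def detect_violations(audit_log, threshold=3):
    """Detective control: works after the fact on the audit trail and
    reports subjects denied at least `threshold` times. It cannot undo
    the attempts; it only reveals them."""
    denials = defaultdict(int)
    for subject, action, obj, verdict in audit_log:
        if verdict == "DENY":
            denials[subject] += 1
    return {s: n for s, n in denials.items() if n >= threshold}


def correct(monitor, violators):
    """Corrective control: lock out the offending subjects so later
    attempts are refused, then return the resulting lockout set."""
    for subject in violators:
        monitor.locked_out.add(subject)
    return set(monitor.locked_out)


if __name__ == "__main__":
    monitor = ReferenceMonitor(ACL)
    monitor.authorize("alice", "read", "payroll.db")        # allowed by ACL
    for _ in range(3):
        monitor.authorize("bob", "read", "payroll.db")       # bob is not on the ACL
    violators = detect_violations(monitor.audit_log)
    print("violators:", violators)
    print("locked out:", correct(monitor, violators))
    print("bob print after lockout:", monitor.authorize("bob", "print", "printer-1"))
```

The key property is that the preventive check sits in the only path to the object and defaults to deny, the detective step consumes the same log that check writes, and the corrective step changes state the check consults next time, so the three controls form one loop rather than three unrelated tools.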

More unnecessary jargon about access control


Deterrent

Deterrent controls are close to preventive controls, but they do not block the action themselves: they rely on the would-be violator deciding not to take the unwanted or unauthorized action, for example because a warning notice or a visible guard makes the consequences clear.