Preventive Controls: Preventive controls are those inputs, which are designed to prevent an error, omission or malicious act occurring. An example of a preventive control is the use of passwords to gain access to a financial system. The broad characteristics of preventive controls are:
(i) A clear-cut understanding about the vulnerabilities of the asset
(ii) Understanding probable threats
(iii) Provision of necessary controls for probable threats from materializing
Any control can be implemented in both a manual and computerized environment for the same purpose. Only, the implementation methodology may differ from one to another case. The major features of such control are:
♦ Employ qualified personnel
♦ Segregation of duties
♦ Access control
♦ Documentation
♦ Prescribing appropriate books for a course
♦ Training and retraining of staff
♦ Authorization of transaction
♦ Validation, edit checks in the application
♦ Firewalls
♦ Anti-virus software (sometimes this acts like a corrective control also), etc
♦ Passwords