Question: Please identify the following, Identify if that security control you are recommending to protect your asset is preventive, detective, or corrective.
1. Asset identification: Identify what might be a personal or business asset (think of something you have at home that you would like to protect, or something that your company has that needs protection).
2. Attacker/threat identification: Who are the likely attackers to that asset? What other threats are there that can negatively impact that asset? Remember that an attacker is always a person with intent, and is only one type of threat - we also have natural disasters, accidents, etc. that are not "attacks" as they don't have malicious intent behind them.
3. Impact: Identify the impact if the attack or threat was "actualized" (happened). Would there be a monetary loss? Loss of confidence (in the event of a business breach)? Fine (in the event of a loss of PII or PHI)?
4. Remediation: Research and recommend a security control (i.e. firewall, lock on a door, etc.) that can remediate (prevent, detect, correct, etc.) the attack or threat.