Week 6
K1.6 The role and types of compensating business control techniques in protecting the digital security of an organisation:
Compensating controls are backup or alternative security measures that are put in place when a primary (main) control fails, is unavailable, or isn’t fully effective.
They act as a safety net to maintain security if the original control:
- Is temporarily down
- Can’t be used due to cost, complexity, or compatibility
- Fails unexpectedly
These controls do not replace the original control, but reduce the risk until the primary control can be restored.
Types of Compensating Control Techniques
Compensating controls can be physical or administrative.
Physical Compensating Controls
These are environmental or infrastructure-related measures that support the continuity of systems, especially in the event of failure.
Type | Description |
---|---|
Temperature Controls | e.g. Air conditioning or cooling systems to maintain safe operating temperatures for IT hardware. If the main server cooling system fails, backup AC units help prevent overheating and hardware damage. |
Administrative Compensating Controls (Policies and Procedures)
These help guide people on how to react or adapt when the usual security controls are not available.
Type | Description |
---|---|
Role-Based Awareness Training | Training staff to recognise when systems are at risk and how to follow fallback procedures (e.g. manual processes if automation fails). |
Standard Operating Procedures (SOPs) | Clear instructions for monitoring and reacting to environmental changes, such as power fluctuations or temperature spikes. |
These policies ensure staff know how to maintain safety and security when the standard systems aren’t working correctly.
Backup Security Plan – When the Main Control Fails
Scenario:
A company’s main server cooling system fails, and the temperature begins to rise. You’ve been asked to put together a compensating control plan.
Task:
1. Choose one physical and one administrative compensating control.
2. For each:
   - Describe what it is
   - Explain how it helps reduce risk
   - Identify when it should be used
Extension:
Write a short Standard Operating Procedure (SOP) for what IT staff should do if the environmental controls (like the cooling system) stop working.
Last Updated
2025-07-11 14:14:53