Access controls also directly reduce the likelihood of compromise by blocking unauthorized attempts to access the system. In contrast to the other two categories, monitoring controls do not directly reduce the risk of an information security compromise. Instead, monitoring controls indirectly reduce the risk of an incident by improving the effectiveness of the other two categories of controls. For example, proper documentation reduces the risk of overlooking key systems when altering default configurations, employing patches, deploying firewalls, and implementing other types of security controls.
Similarly, log analysis can help identify the causes of incidents; such knowledge can then be used to modify
existing controls to reduce the risk that a similar attack will succeed in the future.