Detection controls (represented in blue boxes) are security measures that help identify potential security breaches and suspicious activity. They include tools such as intrusion detection systems, antivirus software, and vulnerability scanners. These controls enable organizations to detect security threats and vulnerabilities, allowing them to take appropriate action to mitigate the risk and prevent further damage.
Mitigation controls (represented in red boxes) are security measures that organizations use to reduce the impact of a security incident or data breach. These controls include tools such as access controls, data encryption, network segmentation, and system hardening. Mitigation controls can help organizations minimize the damage caused by an incident and prevent it from spreading further.
The advanced level of the RCx provides additional security measures to complement the foundational level controls and further strengthen an organization's resilience against ransomware attacks.