Warning banners on login screens serve as deterrent controls. Deterrent controls are designed to discourage individuals from attempting unauthorized actions by warning them of potential consequences.
Purpose of Warning Banners
Warning banners provide clear notice to users, both authorized and unauthorized, that their activities may be monitored and that unauthorized access is prohibited.
They serve as a legal disclaimer, which can be crucial in prosecuting unauthorized access attempts.
Effectiveness as a Deterrent Control
The primary function of a warning banner is to deter potential intruders by making them aware of the surveillance and legal implications of unauthorized access.
For authorized users, it reinforces awareness of the organization's security policies and acceptable use agreements.
Comparison with Other Control Types
A. Corrective: These controls are used to correct or restore systems after an incident.
B. Preventive: These controls are designed to prevent security incidents from occurring.
C. Detective: These controls are used to detect security incidents and alert on them.
D. Deterrent: These controls are intended to discourage individuals from performing unauthorized activities.
References
Sybex-CISSP-Official-Study-Guide-9-Edition.pdf, p. 829, detailing the role of warning banners as deterrent controls.