Security Controls

Jonathan Poland

IT security controls are measures that are implemented in order to reduce security risks. These controls may be identified through security audits or as part of projects and continuous improvement efforts. They can be implemented as a matter of process, procedure, or automation, and are designed to protect against potential security threats or vulnerabilities.

There are many different types of IT security controls that can be implemented, including technical controls such as firewalls and antivirus software, as well as administrative controls such as security policies and employee training programs. These controls are often tailored to the specific needs and risks of an organization, and may be adjusted over time as the security landscape evolves.

Effective IT security controls are essential for protecting an organization’s assets, including sensitive data, systems, and networks. They can help to prevent data breaches, cyber attacks, and other security incidents, and are an important part of any organization’s overall risk management strategy. It is important to regularly review and update IT security controls in order to ensure that they are effective and aligned with the changing needs of the organization. The following are illustrative examples of IT security controls.

Authentication

Employees are required to pass multi-factor authentication before gaining access to offices.

Audit Trail

A web server records IP addresses and URLs for each access and retains such information for a period of time as an audit trail.
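The audit-trail control above has two halves that are easy to get wrong: recording each access in a form that can be queried later, and retaining it for a defined period without a retention job quietly destroying records it cannot parse. The following is an added example (not code from the original article) showing one way to do both in Python. The JSON-lines format, the 90-day retention period, the sample IP addresses and the sample log entries are all constructed for illustration.

```python
import json
from collections import Counter
from datetime import datetime, timedelta, timezone

RETENTION_DAYS = 90  # constructed retention period for the example


def audit_record(client_ip: str, method: str, url: str, status: int, now: datetime) -> str:
    """Serialise one access as a single JSON line, timestamp normalised to UTC."""
    return json.dumps({
        "ts": now.astimezone(timezone.utc).isoformat(),
        "ip": client_ip,
        "method": method,
        "url": url,
        "status": status,
    })


def prune_audit_log(lines: list[str], now: datetime, retention_days: int = RETENTION_DAYS) -> list[str]:
    """Return only the records still inside the retention window.

    Malformed lines are kept rather than dropped: a retention job should never
    be the component that silently discards evidence it cannot parse.
    """
    cutoff = now - timedelta(days=retention_days)
    kept = []
    for line in lines:
        try:
            ts = datetime.fromisoformat(json.loads(line)["ts"])
        except (ValueError, KeyError, TypeError):
            kept.append(line)
            continue
        if ts >= cutoff:
            kept.append(line)
    return kept


def requests_per_ip(lines: list[str], path_prefix: str = "/") -> Counter:
    """Count accesses per client IP for URLs under path_prefix.

    This is the kind of question an audit trail exists to answer when an
    incident is being reviewed.
    """
    counts: Counter = Counter()
    for line in lines:
        try:
            rec = json.loads(line)
        except ValueError:
            continue  # unparseable lines are counted nowhere, but never deleted
        if rec.get("url", "").startswith(path_prefix):
            counts[rec.get("ip", "?")] += 1
    return counts


# Constructed sample trail: two recent accesses from one client, one access
# well past the retention window, and one corrupted line.
NOW = datetime(2024, 6, 1, 12, 0, tzinfo=timezone.utc)
SAMPLE_LOG = [
    audit_record("203.0.113.7", "GET", "/login", 200, NOW - timedelta(days=1)),
    audit_record("203.0.113.7", "POST", "/login", 401, NOW - timedelta(hours=2)),
    audit_record("198.51.100.2", "GET", "/docs/1", 200, NOW - timedelta(days=120)),
    "not json at all",
]

if __name__ == "__main__":
    print(len(prune_audit_log(SAMPLE_LOG, NOW)), "records kept after pruning")
    print(requests_per_ip(SAMPLE_LOG, "/login"))
```

Writing the timestamp in UTC avoids ambiguous local times when logs from several servers are correlated, and keeping unparseable lines during pruning errs on the side of preserving evidence.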

Training

Employees are trained in defensive computing on an annual basis.

Peer Review

Design changes to a critical system require a secure code review.

Communication

Employees are prohibited from attaching documents to internal emails as they can easily be misaddressed. Instead, employees send a link to a document management system that offers authentication and authorization.

Incident Management

Any employee who loses an electronic device that has been used for work is required to report an incident immediately.

Cryptography

Data in storage is encrypted on all devices.

Passwords

Systems perform validation to ensure employees choose strong passwords.
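Password validation is more useful when it reports every rule a candidate fails rather than just the first, and when it catches choices that satisfy a composition rule yet are still weak (common passwords, the username embedded in the password, long runs of one character). The following is an added example (not code from the original article) of such a validator in Python; the 12-character minimum, the three-of-four character-class rule and the tiny denylist are constructed policy values, and a real deployment would load its denylist from a breached-password feed.

```python
import re
from dataclasses import dataclass, field

# Constructed policy values for illustration
MIN_LENGTH = 12
COMMON_PASSWORDS = {"password", "password123", "qwerty123456", "letmein", "welcome1"}

CHARACTER_CLASSES = [
    ("lowercase letter", r"[a-z]"),
    ("uppercase letter", r"[A-Z]"),
    ("digit", r"[0-9]"),
    ("symbol", r"[^A-Za-z0-9]"),
]


@dataclass
class PolicyResult:
    ok: bool
    failures: list = field(default_factory=list)


def validate_password(candidate: str, username: str = "") -> PolicyResult:
    """Check a candidate password against the policy and report every failed rule."""
    failures = []

    if len(candidate) < MIN_LENGTH:
        failures.append(f"shorter than {MIN_LENGTH} characters")

    present = sum(1 for _, pattern in CHARACTER_CLASSES if re.search(pattern, candidate))
    if present < 3:
        names = ", ".join(name for name, _ in CHARACTER_CLASSES)
        failures.append(f"contains fewer than 3 of: {names}")

    # Reject weak choices that can still pass the length and composition rules
    lowered = candidate.lower()
    if lowered in COMMON_PASSWORDS:
        failures.append("appears on the common-password denylist")
    if username and len(username) >= 3 and username.lower() in lowered:
        failures.append("contains the username")
    if re.search(r"(.)\1{3,}", candidate):
        failures.append("contains the same character 4 or more times in a row")

    return PolicyResult(ok=not failures, failures=failures)


if __name__ == "__main__":
    for pw, user in [("Tr0ub4dor&3xample!", "alice"), ("password123", "bob")]:
        result = validate_password(pw, user)
        print(pw, "->", "accepted" if result.ok else result.failures)
```

Returning the full list of failures lets a sign-up form show the user exactly what to change, and checking the denylist and username after the composition rules means a password like `Password123!` is still rejected even though it has four character classes.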

Processes

An IT governance process reviews security incidents on a monthly basis.

Automation

A website places a three-hour freeze on a customer’s account if they get their password wrong five times. This dramatically reduces the potential for brute force attacks.
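The lockout control above needs a little care in practice: the freeze must be checked before the password is verified (so a frozen account gives no signal about whether a guess was right), the failure counter should reset when the freeze is applied so the customer gets a fresh allowance when it expires, and a correct password must clear the history. The following is an added example (not code from the original article) implementing that logic in Python. The in-memory user store, the sample account `alice` and its password, the salt and the PBKDF2 parameters are all constructed for the demonstration; the clock is passed in explicitly so the behaviour is deterministic.

```python
import hashlib
import hmac
from dataclasses import dataclass

MAX_FAILED_ATTEMPTS = 5
LOCKOUT_SECONDS = 3 * 60 * 60  # three-hour freeze, as in the example above


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed sample user store: account -> (salt, password hash)
_SALT = b"constructed-demo-salt"
USERS = {"alice": (_SALT, _hash("correct horse battery staple", _SALT))}


def credential_valid(account: str, supplied: str) -> bool:
    record = USERS.get(account)
    if record is None:
        return False
    salt, stored = record
    return hmac.compare_digest(_hash(supplied, salt), stored)


@dataclass
class AccountState:
    failed_attempts: int = 0
    locked_until: float = 0.0  # epoch seconds; 0 means not locked


class LoginGuard:
    """Tracks failed logins per account and enforces a temporary freeze.

    `now` is injected (epoch seconds) rather than read from the clock so the
    logic is deterministic and testable; production code would pass time.time().
    """

    def __init__(self) -> None:
        self._accounts: dict[str, AccountState] = {}

    def is_locked(self, account: str, now: float) -> bool:
        state = self._accounts.get(account)
        return state is not None and now < state.locked_until

    def attempt(self, account: str, supplied: str, now: float) -> str:
        """Returns 'locked', 'success' or 'failed'."""
        state = self._accounts.setdefault(account, AccountState())

        # Refuse while frozen without verifying the password at all: a frozen
        # account must give no signal about whether the guess was correct.
        if now < state.locked_until:
            return "locked"

        if credential_valid(account, supplied):
            state.failed_attempts = 0
            state.locked_until = 0.0
            return "success"

        state.failed_attempts += 1
        if state.failed_attempts >= MAX_FAILED_ATTEMPTS:
            state.locked_until = now + LOCKOUT_SECONDS
            state.failed_attempts = 0  # fresh allowance once the freeze expires
            return "locked"
        return "failed"


if __name__ == "__main__":
    guard = LoginGuard()
    t0 = 1_700_000_000.0
    for i in range(5):
        print("attempt", i + 1, guard.attempt("alice", "wrong guess", t0 + i))
    print("correct password during freeze:", guard.attempt("alice", "correct horse battery staple", t0 + 60))
```

Unknown account names are tracked exactly like real ones, so the response timing and lockout behaviour do not reveal which usernames exist. A production version would keep the state in a shared store rather than process memory so the freeze holds across several web servers.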

Configuration Management

Changes to firewall rules require an approved change request.

Security Testing

Major system software releases are required to undergo security testing.
