Security Controls

Jonathan Poland

IT security controls are measures that are implemented in order to reduce security risks. These controls may be identified through security audits or as part of projects and continuous improvement efforts. They can be implemented as a matter of process, procedure, or automation, and are designed to protect against potential security threats or vulnerabilities.

There are many different types of IT security controls that can be implemented, including technical controls such as firewalls and antivirus software, as well as administrative controls such as security policies and employee training programs. These controls are often tailored to the specific needs and risks of an organization, and may be adjusted over time as the security landscape evolves.

Effective IT security controls are essential for protecting an organization’s assets, including sensitive data, systems, and networks. They can help to prevent data breaches, cyber attacks, and other security incidents, and are an important part of any organization’s overall risk management strategy. It is important to regularly review and update IT security controls in order to ensure that they are effective and aligned with the changing needs of the organization. The following are illustrative examples of IT security controls.

Authentication

Employees are required to pass multi-factor authentication before gaining access to offices.

Audit Trail

A web server records IP addresses and URLs for each access and retains such information for a period of time as an audit trail.

Training

Employees are trained in defensive computing on an annual basis.

Peer Review

Design changes to a critical system require a secure code review.

Communication

Employees are prohibited from attaching documents to internal emails as they can easily be misaddressed. Instead, employees send a link to a document management system that offers authentication and authorization.

Incident Management

Any employee who loses an electronic device that has been used for work is required to report an incident immediately.

Cryptography

Data in storage is encrypted on all devices.

Passwords

Systems perform validation to ensure employees choose strong passwords.

Processes

An IT governance process reviews security incidents on a monthly basis.

Automation

A website places a three-hour freeze on a customer’s account if they get their password wrong five times. This dramatically reduces the potential for brute-force attacks.
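The freeze rule above, as an added example that is not code from the original page: it applies the five-failure, three-hour rule per account and measures how many wrong guesses the site still evaluates in a day. The names `LockoutPolicy`, `replay` and `evaluated_guesses`, the status strings and the sample events are hypothetical and constructed for illustration.

```python
MAX_FAILURES = 5               # from the page: five wrong passwords
FREEZE_SECONDS = 3 * 60 * 60   # from the page: three-hour freeze


class LockoutPolicy:
    """Hypothetical in-memory tracker; a real site would persist this state."""

    def __init__(self):
        self.failures = {}      # account -> consecutive wrong passwords
        self.frozen_until = {}  # account -> time (seconds) the freeze ends

    def attempt(self, account, password_ok, now):
        if now < self.frozen_until.get(account, 0):
            # Reject without evaluating the password: during the freeze a
            # correct guess looks exactly like a wrong one.
            return "frozen"
        if account in self.frozen_until:
            # A past freeze has elapsed, so start a fresh failure count.
            del self.frozen_until[account]
            self.failures[account] = 0
        if password_ok:
            self.failures[account] = 0
            return "ok"
        self.failures[account] = self.failures.get(account, 0) + 1
        if self.failures[account] >= MAX_FAILURES:
            self.frozen_until[account] = now + FREEZE_SECONDS
        return "denied"


def replay(events):
    """Run (time_seconds, account, password_ok) tuples through a new policy."""
    policy = LockoutPolicy()
    return [policy.attempt(acct, ok, t) for t, acct, ok in events]


def evaluated_guesses(window_seconds, interval=1):
    """Count wrong guesses the site actually checks when one is sent every
    `interval` seconds against a single account for `window_seconds`."""
    policy = LockoutPolicy()
    times = range(0, window_seconds, interval)
    return sum(policy.attempt("acct", False, t) == "denied" for t in times)


# Constructed sample events, not real log data.
SAMPLE = [(t, "alice", False) for t in (0, 10, 20, 30, 40)] + [
    (50, "alice", True),                    # correct password, still frozen
    (60, "bob", False),                     # other accounts are unaffected
    (40 + FREEZE_SECONDS, "alice", True),   # freeze has elapsed
]
```

With one guess per second for 24 hours, only 40 of the 86,400 attempts are evaluated; the rest are rejected while the account is frozen.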

Configuration Management

Changes to firewall rules require an approved change request.

Security Testing

Major system software releases are required to undergo security testing.
