Security Controls

Jonathan Poland

IT security controls are measures implemented to reduce security risk. They are typically identified through security audits, risk assessments, projects, or continuous improvement efforts, and they can take the form of a process, a procedure, or an automated mechanism. Each control is designed to counter a specific threat or vulnerability, so a control is only as useful as the risk it is mapped to.

Controls are commonly grouped into technical controls such as firewalls, endpoint protection, and encryption; administrative controls such as security policies, change approval, and employee training; and physical controls such as badge-controlled access to offices. They are tailored to the needs and risk profile of the organization and adjusted over time as the threat landscape, the technology in use, and the business itself change.

Effective IT security controls protect an organization's assets, including sensitive data, systems, and networks. They help prevent data breaches, cyber attacks, and other security incidents, and they are a core part of an organization's overall risk management strategy. Controls should be reviewed regularly, both to confirm that they still operate as intended and to confirm that they still address the organization's current risks. The following are illustrative examples of IT security controls.

Authentication

Employees are required to pass multi-factor authentication (for example, a badge plus a PIN) before gaining physical access to offices.

Audit Trail

A web server records the client IP address, timestamp, and requested URL for each request and retains these logs for a defined period as an audit trail, so that an incident can be reconstructed after the fact.

Training

Employees are trained in defensive computing (recognizing phishing, handling sensitive data, reporting suspicious activity) on an annual basis.

Peer Review

Design and code changes to a critical system require a security-focused peer review before they are merged or deployed.

Communication

Employees are prohibited from attaching documents to internal emails, because an email can easily be misaddressed and the attachment then leaves the organization's control. Instead, employees send a link to a document management system that enforces authentication and authorization on every access.

Incident Management

Any employee who loses an electronic device that has been used for work is required to report the loss immediately as a security incident, so that the device can be remotely wiped and its credentials revoked.

Cryptography

Data at rest is encrypted on all devices, typically with full-disk encryption, so that a lost or stolen device does not expose the data stored on it.

Passwords

Systems validate new passwords at the time they are chosen to ensure employees select strong ones, for example by enforcing a minimum length and rejecting passwords that appear in known breach lists.
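The password-strength check described above, as an added example that is not part of the original article. It follows the approach of NIST SP 800-63B (minimum length, screening against breached and context-specific words, rejecting trivial patterns) rather than the older "one uppercase, one digit, one symbol" composition rule. The breach corpus, the banned word list, and the `validate_password` function are constructed for this example; a real deployment would screen against a large breach corpus rather than four hard-coded strings.

```python
# Added example (not from the original article): a password policy check
# in the spirit of NIST SP 800-63B.  Everything below is constructed for
# illustration; the breach list in particular is a four-entry stand-in
# for a corpus that would normally hold millions of entries.

import hashlib
import re

MIN_LENGTH = 12
MAX_LENGTH = 128

# Constructed sample of a breached-password corpus, stored as SHA-1 digests
# so the plaintext strings do not sit in source.
_BREACHED_SHA1 = {
    hashlib.sha1(p.encode()).hexdigest()
    for p in ("Password123!", "Welcome2024", "qwertyuiop12", "letmein12345")
}

# Constructed list of context-specific words an organization would ban
# (its own name, product names, the word "password", ...).
CONTEXT_WORDS = ("password", "examplecorp", "welcome")


def is_breached(password):
    """True if the password's SHA-1 digest is in the (constructed) breach set."""
    return hashlib.sha1(password.encode()).hexdigest() in _BREACHED_SHA1


def _is_sequential(s):
    """True if every adjacent pair of characters steps by exactly +1 or -1,
    which catches 'abcdefghijkl' and '123456789012' style passwords."""
    if len(s) < 2:
        return False
    diffs = {ord(b) - ord(a) for a, b in zip(s, s[1:])}
    return diffs == {1} or diffs == {-1}


def validate_password(password, username=""):
    """Return a list of policy violations; an empty list means acceptable."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    if len(password) > MAX_LENGTH:
        problems.append("longer than %d characters" % MAX_LENGTH)
    lowered = password.lower()
    if username and username.lower() in lowered:
        problems.append("contains the username")
    for word in CONTEXT_WORDS:
        if word in lowered:
            problems.append("contains the banned word '%s'" % word)
    # A single repeated character, e.g. "aaaaaaaaaaaa"
    if re.fullmatch(r"(.)\1+", password):
        problems.append("a single repeated character")
    if _is_sequential(lowered):
        problems.append("a sequential run such as 'abcdef' or '123456'")
    if is_breached(password):
        problems.append("appears in a known breach corpus")
    return problems


if __name__ == "__main__":
    for candidate in ("correct horse battery staple", "Password123!", "abcdefghijkl"):
        print(repr(candidate), "->", validate_password(candidate) or "accepted")
```

Note that the check returns every violation rather than stopping at the first, so the user gets one complete message instead of a series of rejections. A pure length-plus-blocklist policy like this is deliberately permissive about character classes: long passphrases are accepted, while short or leaked passwords are not, regardless of how many symbols they contain.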

Processes

An IT governance process reviews security incidents on a monthly basis, looking for recurring causes that call for a new or stronger control.

Automation

A website places a three hour freeze on a customer's account after five consecutive wrong passwords. This dramatically reduces the potential for an online brute force attack against a single account. It does not stop password spraying, where an attacker tries one common password against many accounts, and it gives anyone who knows a username a cheap way to lock that user out, so it is usually paired with per-source rate limiting and user notification.
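The lockout rule described above, as an added example that is not part of the original article: five consecutive failures freeze the account for three hours, a successful login resets the counter, and the password is not checked at all while the account is frozen. The `LoginThrottle` class, the in-memory user store, and the `verify_demo` password check are constructed stand-ins for a real credential backend; the clock is injectable so the three hour window can be exercised without waiting.

```python
# Added example (not from the original article): an in-memory account
# lockout matching the rule "five wrong passwords freezes the account for
# three hours".  The user store and password verifier are constructed for
# illustration; a real system would back them with a database.

import hashlib
import hmac
import time
from dataclasses import dataclass

MAX_FAILURES = 5
LOCKOUT_SECONDS = 3 * 60 * 60


@dataclass
class AccountState:
    failures: int = 0
    locked_until: float = 0.0   # epoch seconds; 0.0 means not locked


class LoginThrottle:
    def __init__(self, verify_password, clock=time.time):
        self._verify = verify_password   # callable(username, password) -> bool
        self._clock = clock              # injectable for testing
        self._state = {}                 # username -> AccountState

    def _get(self, username):
        return self._state.setdefault(username, AccountState())

    def seconds_locked(self, username):
        """Remaining freeze time in seconds, or 0.0 if the account is open."""
        st = self._get(username)
        return max(0.0, st.locked_until - self._clock())

    def attempt(self, username, password):
        """Return 'ok', 'bad_password', or 'locked'."""
        st = self._get(username)
        now = self._clock()
        if st.locked_until > now:
            # Do not verify the password while frozen: a correct guess must
            # not be distinguishable from a wrong one during the lockout.
            return "locked"
        if st.locked_until and st.locked_until <= now:
            # The freeze has expired; start a fresh counting window.
            st.failures = 0
            st.locked_until = 0.0
        if self._verify(username, password):
            st.failures = 0
            return "ok"
        st.failures += 1
        if st.failures >= MAX_FAILURES:
            st.locked_until = now + LOCKOUT_SECONDS
            return "locked"
        return "bad_password"


# Constructed user store: username -> PBKDF2 hash.  Never store plaintext.
def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


_SALT = b"constructed-static-salt"   # a real store uses a random salt per user
_USERS = {"alice": _hash("correct horse battery staple", _SALT)}


def verify_demo(username, password):
    stored = _USERS.get(username)
    if stored is None:
        # Hash anyway so an unknown user takes as long as a wrong password.
        _hash(password, _SALT)
        return False
    return hmac.compare_digest(stored, _hash(password, _SALT))


if __name__ == "__main__":
    throttle = LoginThrottle(verify_demo)
    for _ in range(MAX_FAILURES):
        print(throttle.attempt("alice", "guess"))
    print(throttle.attempt("alice", "correct horse battery staple"))  # locked
    print("seconds remaining:", throttle.seconds_locked("alice"))
```

Two design points matter here. First, the lockout is keyed by username, not by source address, so it protects a single account but gives an attacker who knows the username an easy denial of service; production systems add a per-IP rate limit and notify the account owner of the freeze. Second, the throttle refuses to check the password at all while frozen, so that an attacker cannot use the freeze window as a free oracle.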

Configuration Management

Changes to firewall rules require an approved change request, so that every open port can be traced to a documented business reason and an approver.

Security Testing

Major system software releases are required to undergo security testing, such as vulnerability scanning and penetration testing, before deployment.
