Security Controls

Jonathan Poland

IT security controls are measures that are implemented in order to reduce security risks. These controls may be identified through security audits or as part of projects and continuous improvement efforts. They can be implemented as a matter of process, procedure, or automation, and are designed to protect against potential security threats or vulnerabilities.

There are many different types of IT security controls that can be implemented, including technical controls such as firewalls and antivirus software, as well as administrative controls such as security policies and employee training programs. These controls are often tailored to the specific needs and risks of an organization, and may be adjusted over time as the security landscape evolves.

Effective IT security controls are essential for protecting an organization’s assets, including sensitive data, systems, and networks. They can help to prevent data breaches, cyber attacks, and other security incidents, and are an important part of any organization’s overall risk management strategy. It is important to regularly review and update IT security controls in order to ensure that they are effective and aligned with the changing needs of the organization. The following are illustrative examples of IT security controls.

Authentication

Employees are required to pass multi-factor authentication before gaining access to offices.

Audit Trail

A web server records IP addresses and URLs for each access and retains such information for a period of time as an audit trail.

Training

Employees are trained in defensive computing on an annual basis.

Peer Review

Design changes to a critical system require a secure code review.

Communication

Employees are prohibited from attaching documents to internal emails as they can easily be misaddressed. Instead, employees send a link to a document management system that offers authentication and authorization.

Incident Management

Any employee who loses an electronic device that has been used for work is required to report an incident immediately.

Cryptography

Data in storage is encrypted on all devices.

Passwords

Systems perform validation to ensure employees choose strong passwords.

Processes

An IT governance process reviews security incidents on a monthly basis.

Automation

A website places a three-hour freeze on a customer’s account if they get their password wrong five times. This dramatically reduces the potential for brute-force attacks.

Configuration Management

Changes to firewall rules require an approved change request.

Security Testing

Major system software releases are required to undergo security testing.
