Security Controls

Jonathan Poland

IT security controls are measures that are implemented in order to reduce security risks. These controls may be identified through security audits or as part of projects and continuous improvement efforts. They can be implemented as a matter of process, procedure, or automation, and are designed to protect against potential security threats or vulnerabilities.

There are many different types of IT security controls that can be implemented, including technical controls such as firewalls and antivirus software, as well as administrative controls such as security policies and employee training programs. These controls are often tailored to the specific needs and risks of an organization, and may be adjusted over time as the security landscape evolves.

Effective IT security controls are essential for protecting an organization’s assets, including sensitive data, systems, and networks. They can help to prevent data breaches, cyber attacks, and other security incidents, and are an important part of any organization’s overall risk management strategy. It is important to regularly review and update IT security controls in order to ensure that they are effective and aligned with the changing needs of the organization. The following are illustrative examples of IT security controls.

Authentication

Employees are required to pass multi-factor authentication before gaining access to offices.

Audit Trail

A web server records IP addresses and URLs for each access and retains such information for a period of time as an audit trail.

Training

Employees are trained in defensive computing on an annual basis.

Peer Review

Design changes to a critical system require a secure code review.

Communication

Employees are prohibited from attaching documents to internal emails as they can easily be misaddressed. Instead, employees send a link to a document management system that offers authentication and authorization.

Incident Management

Any employee who loses an electronic device that has been used for work is required to report an incident immediately.

Cryptography

Data in storage is encrypted on all devices.

Passwords

Systems perform validation to ensure employees choose strong passwords.

Processes

An IT governance process reviews security incidents on a monthly basis.

Automation

A website places a three-hour freeze on a customer’s account if they get their password wrong five times. This dramatically reduces the potential for brute force attacks.

Configuration Management

Changes to firewall rules require an approved change request.

Security Testing

Major system software releases are required to undergo security testing.
