Security Controls

Jonathan Poland

IT security controls are measures that are implemented in order to reduce security risks. These controls may be identified through security audits or as part of projects and continuous improvement efforts. They can be implemented as a matter of process, procedure, or automation, and are designed to protect against potential security threats or vulnerabilities.

There are many different types of IT security controls that can be implemented, including technical controls such as firewalls and antivirus software, as well as administrative controls such as security policies and employee training programs. These controls are often tailored to the specific needs and risks of an organization, and may be adjusted over time as the security landscape evolves.

Effective IT security controls are essential for protecting an organization’s assets, including sensitive data, systems, and networks. They can help to prevent data breaches, cyber attacks, and other security incidents, and are an important part of any organization’s overall risk management strategy. It is important to regularly review and update IT security controls in order to ensure that they are effective and aligned with the changing needs of the organization. The following are illustrative examples of IT security controls.

Authentication

Employees are required to pass multi-factor authentication before gaining access to offices.

Audit Trail

A web server records IP addresses and URLs for each access and retains such information for a period of time as an audit trail.

Training

Employees are trained in defensive computing on an annual basis.

Peer Review

Design changes to a critical system require a secure code review.

Communication

Employees are prohibited from attaching documents to internal emails as they can easily be misaddressed. Instead, employees send a link to a document management system that offers authentication and authorization.

Incident Management

Any employee who loses an electronic device that has been used for work is required to report an incident immediately.

Cryptography

Data in storage is encrypted on all devices.

Passwords

Systems perform validation to ensure employees choose strong passwords.

Processes

An IT governance process reviews security incidents on a monthly basis.

Automation

A website places a three-hour freeze on a customer’s account if they get their password wrong five times. This dramatically reduces the potential for brute-force attacks.
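The lockout rule above, sketched as an added example that is not part of the original article. The class and function names are hypothetical, and it assumes the five wrong passwords are consecutive, with a successful login resetting the count.

```python
import time

MAX_FAILURES = 5                 # wrong passwords allowed before the freeze (from the text)
FREEZE_SECONDS = 3 * 60 * 60     # three-hour freeze (from the text)


class LockoutPolicy:
    """Tracks failed logins per account and freezes the account after too many."""

    def __init__(self, clock=time.time):
        self._clock = clock          # injectable so the policy can be tested offline
        self._failures = {}          # account -> consecutive failure count (assumption)
        self._frozen_until = {}      # account -> timestamp when the freeze ends

    def is_frozen(self, account):
        until = self._frozen_until.get(account)
        if until is None:
            return False
        if self._clock() >= until:   # freeze expired: clear state and allow attempts
            del self._frozen_until[account]
            self._failures.pop(account, None)
            return False
        return True

    def attempt(self, account, password_ok):
        """Return 'frozen', 'ok' or 'denied' for one login attempt."""
        if self.is_frozen(account):
            # Reject before looking at the password, so a correct guess made
            # during the freeze is not confirmed to the guesser.
            return "frozen"
        if password_ok:
            self._failures.pop(account, None)   # success resets the counter
            return "ok"
        count = self._failures.get(account, 0) + 1
        self._failures[account] = count
        if count >= MAX_FAILURES:
            self._frozen_until[account] = self._clock() + FREEZE_SECONDS
        return "denied"


def simulate(events):
    """Replay constructed (seconds, account, password_ok) events; return outcomes."""
    now = [0]
    policy = LockoutPolicy(clock=lambda: now[0])
    results = []
    for t, account, ok in events:
        now[0] = t
        results.append(policy.attempt(account, ok))
    return results
```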

Configuration Management

Changes to firewall rules require an approved change request.

Security Testing

Major system software releases are required to undergo security testing.
