Security Controls

Security Controls Jonathan Poland

IT security controls are measures that are implemented in order to reduce security risks. These controls may be identified through security audits or as part of projects and continuous improvement efforts. They can be implemented as a matter of process, procedure, or automation, and are designed to protect against potential security threats or vulnerabilities.

There are many different types of IT security controls that can be implemented, including technical controls such as firewalls and antivirus software, as well as administrative controls such as security policies and employee training programs. These controls are often tailored to the specific needs and risks of an organization, and may be adjusted over time as the security landscape evolves.

Effective IT security controls are essential for protecting an organization’s assets, including sensitive data, systems, and networks. They can help to prevent data breaches, cyber attacks, and other security incidents, and are an important part of any organization’s overall risk management strategy. It is important to regularly review and update IT security controls in order to ensure that they are effective and aligned with the changing needs of the organization. The following are illustrative examples of IT security controls.


Employees are required to pass multi-factor authentication before gaining access to offices.

Audit Trail

A web server records IP addresses and URLs for each access and retains such information for a period of time as an audit trail.


Employees are trained in defensive computing on an annual basis.

Peer Review

Design changes to a critical system require a secure code review.


Employees are prohibited from attaching documents to internal emails as they can easily be misaddressed. Instead, employees send a link to a document management system that offers authentication and authorization.

Incident Management

Any employee who loses an electronic device that has been used for work is required to report an incident immediately.


Data in storage is encrypted on all devices.


Systems perform validation to ensure employees choose strong passwords.


An IT governance process reviews security incidents on a monthly basis.


A website places a three hour freeze on a customer’s account if they get their password wrong five times. This dramatically reduces the potential for brute force attacks.
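The lockout rule above as a small state machine, added here as an illustration and not taken from the original page. The class name `LoginThrottle`, the `replay` helper and the sample events are hypothetical; the code assumes the counter tracks consecutive failures and is cleared by a successful login or an expired freeze.

```python
from datetime import datetime, timedelta

MAX_FAILURES = 5                      # wrong passwords allowed, from the text
FREEZE = timedelta(hours=3)           # freeze length, from the text


class LoginThrottle:
    """Per-account failure counter with a timed freeze (hypothetical class)."""

    def __init__(self):
        self._failures = {}           # account -> consecutive wrong passwords
        self._frozen_until = {}       # account -> datetime the freeze ends

    def is_frozen(self, account, now):
        until = self._frozen_until.get(account)
        if until is None:
            return False
        if now >= until:              # freeze expired: start from a clean slate
            del self._frozen_until[account]
            self._failures.pop(account, None)
            return False
        return True

    def attempt(self, account, password_ok, now):
        """Return 'ok', 'denied' or 'frozen' for one login attempt."""
        if self.is_frozen(account, now):
            return "frozen"           # a correct password is still rejected while frozen
        if password_ok:
            self._failures.pop(account, None)
            return "ok"
        count = self._failures.get(account, 0) + 1
        self._failures[account] = count
        if count >= MAX_FAILURES:
            self._frozen_until[account] = now + FREEZE
            return "frozen"
        return "denied"


def replay(events):
    """Run constructed (minutes_offset, account, password_ok) events in order."""
    start = datetime(2023, 1, 1, 9, 0)
    throttle = LoginThrottle()
    return [throttle.attempt(acct, ok, start + timedelta(minutes=m))
            for m, acct, ok in events]


# Constructed sample: five wrong guesses, a correct password during the freeze,
# then the same correct password after the three hours have passed.
SAMPLE = [(i, "alice", False) for i in range(5)] + [(10, "alice", True), (185, "alice", True)]
```

Keying the counter on the account rather than the source address means the limit holds however many addresses the guesses come from: at most 40 guesses per account per day.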

Configuration Management

Changes to firewall rules require an approved change request.

Security Testing

Major system software releases are required to undergo security testing.

Jonathan Poland © 2023
