Security Controls

Jonathan Poland

IT security controls are measures that are implemented in order to reduce security risks. These controls may be identified through security audits or as part of projects and continuous improvement efforts. They can be implemented as a matter of process, procedure, or automation, and are designed to protect against potential security threats or vulnerabilities.

There are many different types of IT security controls that can be implemented, including technical controls such as firewalls and antivirus software, as well as administrative controls such as security policies and employee training programs. These controls are often tailored to the specific needs and risks of an organization, and may be adjusted over time as the security landscape evolves.

Effective IT security controls are essential for protecting an organization’s assets, including sensitive data, systems, and networks. They can help to prevent data breaches, cyber attacks, and other security incidents, and are an important part of any organization’s overall risk management strategy. It is important to regularly review and update IT security controls in order to ensure that they are effective and aligned with the changing needs of the organization. The following are illustrative examples of IT security controls.


Employees are required to pass multi-factor authentication before gaining access to offices.

Audit Trail

A web server records IP addresses and URLs for each access and retains such information for a period of time as an audit trail.


Employees are trained in defensive computing on an annual basis.

Peer Review

Design changes to a critical system require a secure code review.


Employees are prohibited from attaching documents to internal emails as they can easily be misaddressed. Instead, employees send a link to a document management system that offers authentication and authorization.

Incident Management

Any employee who loses an electronic device that has been used for work is required to report an incident immediately.


Data in storage is encrypted on all devices.


Systems perform validation to ensure employees choose strong passwords.


An IT governance process reviews security incidents on a monthly basis.


A website places a three-hour freeze on a customer’s account if they get their password wrong five times. This dramatically reduces the potential for brute force attacks.
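The lockout control described above, as an added example that is not part of the original article, using the article's values of five wrong passwords and a three-hour freeze. The class and function names and the sample events are constructed for illustration, and counting consecutive failures that reset on a successful login is an assumption.

```python
from datetime import datetime, timedelta

MAX_FAILURES = 5             # from the article: five wrong passwords
FREEZE = timedelta(hours=3)  # from the article: three-hour freeze

class LockoutPolicy:
    """Per-account freeze after repeated consecutive failed logins."""

    def __init__(self, max_failures=MAX_FAILURES, freeze=FREEZE):
        self.max_failures = max_failures
        self.freeze = freeze
        self._failures = {}      # account -> consecutive failures
        self._frozen_until = {}  # account -> time the freeze ends

    def is_frozen(self, account, now):
        until = self._frozen_until.get(account)
        if until is None:
            return False
        if now >= until:
            # Freeze has expired: clear state so counting starts again.
            del self._frozen_until[account]
            self._failures.pop(account, None)
            return False
        return True

    def attempt(self, account, password_ok, now):
        """Return 'frozen', 'ok' or 'denied' for one login attempt."""
        if self.is_frozen(account, now):
            return "frozen"  # refused even if the password is correct
        if password_ok:
            self._failures.pop(account, None)  # assumption: success resets
            return "ok"
        count = self._failures.get(account, 0) + 1
        self._failures[account] = count
        if count >= self.max_failures:
            self._frozen_until[account] = now + self.freeze
        return "denied"

def replay(events, policy=None):
    """Apply the policy to (time, account, password_ok) tuples in order."""
    policy = policy or LockoutPolicy()
    return [policy.attempt(acct, ok, ts) for ts, acct, ok in events]

# Constructed sample: five bad guesses, then a correct password during and after the freeze.
T0 = datetime(2024, 1, 1, 9, 0)
SAMPLE = [(T0 + timedelta(minutes=i), "alice", False) for i in range(5)]
SAMPLE += [(T0 + timedelta(minutes=6), "alice", True),
           (T0 + timedelta(hours=3, minutes=5), "alice", True)]
```

The clock is passed in as `now` so that freeze expiry can be checked without waiting three hours.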

Configuration Management

Changes to firewall rules require an approved change request.

Security Testing

Major system software releases are required to undergo security testing.
