Security Controls

Jonathan Poland

IT security controls are measures that are implemented in order to reduce security risks. These controls may be identified through security audits or as part of projects and continuous improvement efforts. They can be implemented as a matter of process, procedure, or automation, and are designed to protect against potential security threats or vulnerabilities.

There are many different types of IT security controls that can be implemented, including technical controls such as firewalls and antivirus software, as well as administrative controls such as security policies and employee training programs. These controls are often tailored to the specific needs and risks of an organization, and may be adjusted over time as the security landscape evolves.

Effective IT security controls are essential for protecting an organization’s assets, including sensitive data, systems, and networks. They can help to prevent data breaches, cyber attacks, and other security incidents, and are an important part of any organization’s overall risk management strategy. It is important to regularly review and update IT security controls in order to ensure that they are effective and aligned with the changing needs of the organization. The following are illustrative examples of IT security controls.


Employees are required to pass multi-factor authentication before gaining access to offices.

Audit Trail

A web server records IP addresses and URLs for each access and retains such information for a period of time as an audit trail.


Employees are trained in defensive computing on an annual basis.

Peer Review

Design changes to a critical system require a secure code review.


Employees are prohibited from attaching documents to internal emails as they can easily be misaddressed. Instead, employees send a link to a document management system that offers authentication and authorization.

Incident Management

Any employee who loses an electronic device that has been used for work is required to report an incident immediately.


Data in storage is encrypted on all devices.


Systems perform validation to ensure employees choose strong passwords.


An IT governance process reviews security incidents on a monthly basis.


A website places a three hour freeze on a customer’s account if they get their password wrong five times. This dramatically reduces the potential for brute force attacks.
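The lockout rule described above, sketched as an added example (not code from the original article). The class name `LockoutPolicy`, the in-memory store and the choice to count consecutive failures are assumptions; the five-attempt threshold and three-hour freeze come from the text.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, Optional

MAX_FAILURES = 5              # from the text: five wrong passwords
FREEZE = timedelta(hours=3)   # from the text: three hour freeze


@dataclass
class _State:
    failures: int = 0
    frozen_until: Optional[datetime] = None


class LockoutPolicy:
    """Per-account lockout tracker (hypothetical name, in-memory store)."""

    def __init__(self) -> None:
        self._accounts: Dict[str, _State] = {}

    def is_frozen(self, account: str, now: datetime) -> bool:
        st = self._accounts.get(account)
        if st is None or st.frozen_until is None:
            return False
        if now >= st.frozen_until:
            # Freeze has expired: forget the account so counting restarts at zero.
            del self._accounts[account]
            return False
        return True

    def attempt(self, account: str, password_ok: bool, now: datetime) -> str:
        """Return 'ok', 'denied' or 'frozen' for one login attempt."""
        # Check the freeze before the password result, so a frozen account
        # rejects even the correct password and gives a guesser no signal.
        if self.is_frozen(account, now):
            return "frozen"
        if password_ok:
            self._accounts.pop(account, None)  # success resets the counter
            return "ok"
        st = self._accounts.setdefault(account, _State())
        st.failures += 1
        if st.failures >= MAX_FAILURES:
            st.frozen_until = now + FREEZE
            return "frozen"
        return "denied"
```

Passing `now` in explicitly keeps the policy testable; a production version would keep the counters in shared storage so every web node enforces the same freeze.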

Configuration Management

Changes to firewall rules require an approved change request.

Security Testing

Major system software releases are required to undergo security testing.
