Security Controls

Jonathan Poland

IT security controls are measures implemented to reduce security risk. They may be identified through security audits, as part of projects, or through continuous improvement efforts. A control can take the form of a process, a procedure, or automation, and is designed to prevent, detect, or limit the impact of threats and vulnerabilities.

There are many types of IT security control, including technical controls such as firewalls and antivirus software, administrative controls such as security policies and employee training programs, and physical controls such as access restrictions on offices. Controls are tailored to the specific needs and risks of an organization and are adjusted over time as the threat landscape evolves.

Effective IT security controls are essential for protecting an organization's assets, including sensitive data, systems, and networks. They help to prevent data breaches, cyber attacks, and other security incidents, and are an important part of any organization's overall risk management strategy. Controls should be reviewed and updated regularly to confirm that they remain effective and aligned with the changing needs of the organization. The following are illustrative examples of IT security controls.

Authentication

Employees are required to pass multi-factor authentication before gaining access to offices.

Audit Trail

A web server records the client IP address, requested URL, and timestamp of each request and retains these records for a defined period as an audit trail.

Training

Employees are trained in defensive computing on an annual basis.

Peer Review

Changes to the design or code of a critical system require a security-focused peer review before they are accepted.

Communication

Employees are prohibited from attaching documents to internal emails, as emails are easily misaddressed. Instead, employees send a link to a document management system that enforces authentication and authorization on each access.

Incident Management

Any employee who loses an electronic device that has been used for work is required to report an incident immediately.

Cryptography

Data at rest is encrypted on all devices.

Passwords

Systems validate new passwords against a policy (for example, a minimum length and a deny list of common or previously breached passwords) to ensure employees choose strong ones.
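As an added example (not code from the original article), the following Python function implements a server-side password policy of the kind the control describes: it checks length, a deny list, reuse of the username, and degenerate inputs such as all-digit or near-constant strings. The deny list and thresholds are constructed sample values, not taken from the page or any real system.

```python
"""Added example of a password policy check; not part of the original article.

Design choice: length plus a deny list of known-bad passwords, rather than
composition rules ("one uppercase, one symbol"), which tend to push users toward
predictable patterns such as "Password1!".
"""
import re

# Constructed sample deny list. A production system would load a far larger list
# (for example a breach corpus) and compare against hashes rather than plaintext.
COMMON_PASSWORDS = {"password", "password1", "123456", "qwerty", "letmein", "welcome1"}

MIN_LENGTH = 12
MAX_LENGTH = 128  # upper bound so pathological inputs do not reach the hashing step

# Trailing digits/symbols are stripped before the deny-list lookup so that
# "Password1!" is recognised as a decorated form of "password".
_TRAILING_DECORATION = re.compile(r"[0-9!@#$%^&*]+$")


def password_problems(password: str, username: str = "") -> list:
    """Return a list of policy violations; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if len(password) > MAX_LENGTH:
        problems.append(f"longer than {MAX_LENGTH} characters")

    lowered = password.lower()
    stripped = _TRAILING_DECORATION.sub("", lowered)
    if lowered in COMMON_PASSWORDS or stripped in COMMON_PASSWORDS:
        problems.append("appears on the common-password list")

    if username and len(username) >= 3 and username.lower() in lowered:
        problems.append("contains the username")

    if len(set(lowered)) < 5:
        problems.append("uses too few distinct characters")

    if re.fullmatch(r"[0-9]+", password):
        problems.append("consists only of digits")

    return problems


def is_strong(password: str, username: str = "") -> bool:
    """Convenience wrapper: True when no policy violation is found."""
    return not password_problems(password, username)


if __name__ == "__main__":
    for candidate in ["Password1!", "correct horse battery staple", "123456789012"]:
        print(repr(candidate), "->", password_problems(candidate) or "ok")
```

The check reports every violation rather than stopping at the first, so the user can be told exactly why a choice was rejected; the error messages deliberately do not echo the password back.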

Processes

An IT governance process reviews security incidents on a monthly basis.

Automation

A website freezes a customer's account for three hours after five consecutive incorrect password attempts. This dramatically reduces the potential for online brute force attacks against an account. The trade-off is that an attacker who knows a username can deliberately trigger the freeze and lock the customer out, so such a control is usually paired with rate limiting by source address or progressively longer delays.
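As an added example (not code from the original article), the following Python class implements the freeze rule above: failures are counted per account, the fifth consecutive failure freezes the account for three hours, and during the freeze even the correct password is rejected. The credential store, the injected clock, and the plaintext comparison are constructed stand-ins for illustration; a real system would compare against a salted password hash.

```python
"""Added example of the account-freeze control; not part of the original article.

Assumptions (constructed for the example): credentials are held as plaintext in a
dict, and time comes from an injected clock so the three-hour window can be
exercised without waiting.
"""
from dataclasses import dataclass
import hmac

MAX_FAILURES = 5
FREEZE_SECONDS = 3 * 60 * 60  # three hours


@dataclass
class AccountState:
    failures: int = 0
    frozen_until: float = 0.0  # epoch seconds; 0.0 means not frozen


class LoginGuard:
    """Tracks failed logins per account and freezes the account after MAX_FAILURES."""

    def __init__(self, credentials: dict, clock):
        self._credentials = credentials  # username -> expected password (sample only)
        self._clock = clock              # callable returning epoch seconds
        self._state = {}                 # username -> AccountState, kept server-side

    def attempt(self, username: str, password: str) -> str:
        """Return 'ok', 'bad_password' or 'frozen'."""
        now = self._clock()
        state = self._state.setdefault(username, AccountState())

        if now < state.frozen_until:
            # Reject before checking the password so a frozen account leaks
            # nothing about whether the guess was right.
            return "frozen"
        if state.frozen_until and now >= state.frozen_until:
            # Freeze has expired: start counting again from zero.
            state.failures = 0
            state.frozen_until = 0.0

        expected = self._credentials.get(username)
        # Constant-time comparison; an unknown username is treated exactly like a
        # wrong password so the response does not reveal which accounts exist.
        if expected is not None and hmac.compare_digest(expected.encode(), password.encode()):
            state.failures = 0
            return "ok"

        state.failures += 1
        if state.failures >= MAX_FAILURES:
            state.frozen_until = now + FREEZE_SECONDS
        return "bad_password"


def demo():
    """Five wrong guesses, the right password during the freeze, then after it."""
    t = [0.0]  # mutable clock so the example can advance time
    guard = LoginGuard({"alice": "correct horse battery staple"}, clock=lambda: t[0])
    results = [guard.attempt("alice", f"guess{i}") for i in range(5)]
    during = guard.attempt("alice", "correct horse battery staple")  # frozen
    t[0] += FREEZE_SECONDS  # advance three hours
    after = guard.attempt("alice", "correct horse battery staple")   # ok
    return results, during, after


if __name__ == "__main__":
    print(demo())
```

The counter lives on the server and is keyed by account, not by session or cookie, because an attacker controls the client side entirely. Because the freeze itself can be weaponised for denial of service, the usage note from the control above applies: combine it with per-source rate limiting or progressive delays rather than relying on the hard lockout alone.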

Configuration Management

Changes to firewall rules require an approved change request.

Security Testing

Major system software releases are required to undergo security testing.
