What are security controls?

Security controls are specific actions, steps, processes or measures that a businesses implements in order to reduce risk, protect data or assets, and meet the requirements outlined by compliance standards. These actions can be digital, such an requiring multi-factor authentication to access company data, or physical, such as installing biometric locks in locations where sensitive information is stored.

There are three main types of controls:

• Preventive Controls stop security incidents before they happen. Examples include firewalls, multi-factor authentication (MFA), and role-based access controls.
• Detective Controls identify and alert organisations to security threats. These include intrusion detection systems, security monitoring, and audit logs.
• Corrective Controls respond to and mitigate incidents after they occur. Examples include incident response plans, backups, and automated remediation tools.

Updated on: 18/02/2025