What are security controls?
Security controls are specific actions, steps, processes or measures that a business implements in order to reduce risk, protect data or assets, and meet the requirements outlined by compliance standards. These actions can be digital, such as requiring multi-factor authentication to access company data, or physical, such as installing biometric locks in locations where sensitive information is stored.
There are three main types of controls:
- Preventive Controls stop security incidents before they happen. Examples include firewalls, multi-factor authentication (MFA), and role-based access controls.
- Detective Controls identify and alert organisations to security threats. These include intrusion detection systems, security monitoring, and audit logs.
- Corrective Controls respond to and mitigate incidents after they occur. Examples include incident response plans, backups, and automated remediation tools.
Updated on: 18/02/2025