What are security controls?
Security controls are specific actions, steps, processes or measures that a businesses implements in order to reduce risk, protect data or assets, and meet the requirements outlined by compliance standards. These actions can be digital, such an requiring multi-factor authentication to access company data, or physical, such as installing biometric locks in locations where sensitive information is stored.
There are three main types of controls:
Preventive Controls stop security incidents before they happen. Examples include firewalls, multi-factor authentication (MFA), and role-based access controls.
Detective Controls identify and alert organisations to security threats. These include intrusion detection systems, security monitoring, and audit logs.
Corrective Controls respond to and mitigate incidents after they occur. Examples include incident response plans, backups, and automated remediation tools.
There are three main types of controls:
Preventive Controls stop security incidents before they happen. Examples include firewalls, multi-factor authentication (MFA), and role-based access controls.
Detective Controls identify and alert organisations to security threats. These include intrusion detection systems, security monitoring, and audit logs.
Corrective Controls respond to and mitigate incidents after they occur. Examples include incident response plans, backups, and automated remediation tools.
Updated on: 18/02/2025
Thank you!